Scribd
Upload
18 views1 page

India Vs Malaysia Data Residency Comparison 2025

India mandates data localization for payment system data, requiring it to be stored on servers within the country, while Malaysia does not have such mandates and allows cross-border data transfers under certain conditions. The Digital Personal Data Protection Act in India defers to sector-specific regulations, maintaining existing localization requirements. In Malaysia, data transfers are generally permitted unless a country is blacklisted, with specific guidelines for financial institutions focusing on data security and operational resilience.

Uploaded by

subhajeet.b2025
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
18 views1 page

India Vs Malaysia Data Residency Comparison 2025

India mandates data localization for payment system data, requiring it to be stored on servers within the country, while Malaysia does not have such mandates and allows cross-border data transfers under certain conditions. The Digital Personal Data Protection Act in India defers to sector-specific regulations, maintaining existing localization requirements. In Malaysia, data transfers are generally permitted unless a country is blacklisted, with specific guidelines for financial institutions focusing on data security and operational resilience.

Uploaded by

subhajeet.b2025
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 1

🇮🇳 India vs 🇲🇾 Malaysia – Data Residency Comparison (2025)

🇮🇳 India 🇲🇾 Malaysia

India mandates certain data localization. Malaysia does not mandate data
For example, the Reserve Bank of India localization. Cross-border transfers are
(RBI) directs that all payment system data permitted under the Personal Data
(customer info, transaction details) must Protection Act (PDPA) 2010, provided:
be stored on servers within India. - The data subject consents, or
- The transfer is necessary (e.g. for legal or
🔗 RBI Notification: contractual reasons), and
https://www.rbi.org.in/scripts/Notificatio - The recipient country offers comparable
nUser.aspx?Id=11244 protection, or contractual safeguards are in
place.
The new Digital Personal Data Protection
(DPDP) Act, 2023 defers to sectoral 🔗 Section 129 – PDPA Regulations 2013:
regulations, so RBI and SEBI data https://www.pdp.gov.my/jpdpv2/wp-
localization requirements remain content/uploads/2020/04/Personal-Data-
enforceable. Protection-Regulations-2013.pdf
🔗 JPDP FAQ – Cross-Border Transfers:
🔗 DPDP Act Summary: https://www.pdp.gov.my/jpdpv2/soalan-
https://www.meity.gov.in/data- lazim/
protection-framework
Malaysia uses a 'negative list' model —
transfers are allowed unless a country is
blacklisted.

For financial institutions, Bank Negara


Malaysia (BNM) does not require onshore
data storage, but mandates:
- Data security
- Operational resilience
- Regulatory access

🔗 BNM RMiT Guidelines:


https://www.bnm.gov.my/documents/201
24/938039/RMiT_Guidelines.pdf
🔗 BNM Outsourcing Policy:
https://www.bnm.gov.my/documents/201
24/938039/PD_2022_Outsourcing.pdf

You might also like