32
Maybank Sustainability Report
2014
Corporate
Governance
Competition
The
Competition Act 2010
(the Act) came into force on 1 January 2012.
To facilitate Group-wide adherence, the Joint Secretariat to the Maybank
Group Antitrust Steering Committee (Joint Secretariat), which consists of
key representatives from Group Corporate and Legal Services, and Group
Compliance, developed a guide to the
Competition Act 2010
, which has
been disseminated to all staff via the Group’s e-portal.
The guide is intended to assist all staff in understanding the basic
elements of the Act and competition law issues, and to ensure that our
business operations and conduct continue to be in compliance with the
provision of the Act competition. It highlights two key prohibitions under
the Act, namely anti-competitive agreements (horizontal and vertical) and
abuse of dominant position.
G4-56
Personal Data Protection
The Group has embarked on a project to implement the requirements
specified under
Personal Data Protection Act 2010 (PDPA)
. This project,
which started in 2012, is jointly led by Group Compliance and Group Tax to
ensure that the entire Group complies with the requirements of the Act.
PDPA was introduced to regulate the processing of personal data used
during commercial transactions by data users (for example, Maybank
Group) to safeguard the interests of data subjects (for example, Maybank
Group’s customers). The Act defines commercial transactions as any
transaction of a commercial nature, whether contractual or not. This
includes any matters relating to supply or exchange of goods and services,
agency, investments, financing, banking, and insurance. The Act was
gazetted on 10 June 2010 and came into force on 15 November 2013.
The first step in complying with the PDPA is to register with the Jabatan
Perlindungan Data Peribadi Malaysia (JPDPM), the governing body under
the Ministry of Communications and Multimedia regulating personal data
protection. We take pride in being the first organisation in Malaysia to
register with JPDPM.
An example of the activities undertaken by the PDPA project team include:
• Issued Privacy Notice to all customer touch points to spell out
customer’s rights and the Group’s obligation under the Act;
• Incorporated Maybank Group PDPA Policy and other internal policies
necessary to Maybank’s internal processes and procedures to ensure
that all staff adheres strictly to the requirements of PDPA;
• Strengthened the Group’s internal systems to ensure that customers’
consent is well managed;
• Enhanced our internal systems to provide customers access to their
personal data in our systems. This exercise will comply with the
Access Principle under the PDPA.
We have taken steps to comply with the requirements of the PDPA,
including the publication of the Bank’s Privacy Notice on the bank’s
website and the notification to our customers through the message portal
on the bank’s ATM machines and customers’ statements of account that
the Bank’s Privacy Notice is available on its website.