Job Description

Job Responsibities:

Compliance & Governance

Ensure full compliance with the Malaysian Personal Data Protection Act (PDPA) and other relevant data protection requirements. Establish and maintain data protection policies, procedures, and guidelines for all hotel departments (front office, reservations, F&B, spa, HR, finance, etc.). Conduct regular audits on data processing activities, including guest databases, CCTV, loyalty programs, and online booking systems. Monitor third-party service providers (e.g. booking engines, payment gateways, IT vendors) to ensure data protection clauses are in place.

Advisory & Risk Management

Advise management and department heads on data protection obligations and risks in daily operations. Review contracts, agreements, and new system implementations to ensure compliance with data privacy requirements. Conduct Data Protection Impact Assessments (DPIAs) for new projects or technologies involving personal data (e.g., guest feedback apps, CRM systems).

Guest & Employee Data Handling

Oversee the proper management of guest and staff personal information across all systems and manual records. Ensure consent forms, privacy notices, and data collection practices are transparent and up-to-date. Manage data subject requests (e.g., data access, correction, or deletion) promptly and in compliance with PDPA timelines.

Awareness & Training

Develop and conduct regular PDPA and data privacy training for hotel staff, including front-line employees handling guest information. Create awareness campaigns and reminders to promote best practices in handling confidential and personal data.

Incident & Breach Management

Lead the investigation and response process for any data breach incidents, including guest data exposure or system intrusion. Document, report, and recommend preventive measures following any incident. Coordinate with relevant authorities and communicate with affected parties if required by law.

Documentation & Reporting

Maintain up-to-date records of all data processing activities in the hotel. Prepare periodic reports on data protection compliance status for management review. Act as the official point of contact for the Personal Data Protection Department (JPDP) and handle all communications regarding data protection matters.

Qualifications & Requirements:

Bachelor's Degree in Law, Information Technology, Business Administration, or related field. Professional certification in Data Protection (e.g. PDP Practitioner Certificate, CIPP/E, CIPM) preferred. Minimum 2 years of experience in data protection, compliance, or IT governance roles -- experience in the hospitality industry is an advantage. Strong knowledge of PDPA and understanding of hotel operations and guest data flows. Excellent communication, analytical, and organisational skills. High ethical standards and commitment to confidentiality. Computer literate, good oral and written English language and Bahasa Melayu. Applicants must be Malaysian. Willing to work at Putra Nilai.

Core Competencies:

Strong sense of integrity and accountability. Attention to detail and accuracy. Good interpersonal and training skills. Ability to collaborate with cross-department teams (Front Office, IT, HR, Finance). Proactive in identifying and mitigating data protection risks.
Job Types: Full-time, Permanent

Pay: RM2,200.00 - RM2,500.00 per month

Benefits:

Free parking Health insurance Meal provided Opportunities for promotion Professional development
Work Location: In person

Expected Start Date: 01/02/2026