Data Protection
Officer-as-a-Service
Beyond compliance checklists, meet the experts who safeguard your data. With Malaysia’s PDPA (Amendment) Act 2024 now mandatory, trust Cygnus TrustGuard™ to provide you with a qualified DPO who understands your business as well as the law.
The landscape of data protection in Malaysia has fundamentally shifted. As of June 1, 2025, the Personal Data Protection (Amendment) Act 2024 has made the appointment of a Data Protection Officer (DPO) a legal imperative for many organizations. But this isn’t merely about fulfilling a statutory requirement; it’s about entrusting your most sensitive asset – data – to capable hands.
At Cygnus TrustGuard™, we believe a DPO isn’t just a title; it’s a strategic partnership. We provide experienced, qualified professionals who don’t just understand regulations, but actively integrate data protection into your business’s DNA. We are your “Benji” for data privacy, ensuring your compliance is a seamless #SolutionThatWorks.
The Face of Your Data Protection: Our DPO Team
At Cygnus, our DPO-as-a-Service is powered by individuals who combine deep legal understanding with practical business acumen. They are your direct link to compliance and your advocate for data integrity.
We are proud to feature:
Lead DPO: Is.Ts Eugene Teow
Is. Eugene Teow is our Certified Data Protection Officer (Level 2) and a driving force behind Cygnus TrustGuard™’s commitment to data integrity and compliance. With his profound academic background and practical expertise, Eugene brings a meticulous and strategic approach to navigating the complexities of data protection for our clients. He is recognized for his calm demeanor under pressure and his unwavering commitment to ensuring robust, actionable compliance strategies.
Academic & Professional Credentials:
Sc. (Hons) Information Technology with specialization in Forensic Computing
Certified Data Protection Officer (Level 2)
CPNLP, ABNLP, TLTP, ABNLP, ABH, ABNLP (Practitioner of Hypnosis, NLP Coach)
Key Expertise & Areas of Focus:
In-depth PDPA 2010 & 2024 Expertise
Extensive and up-to-date knowledge of Malaysian data protection laws, including the latest amendments and guidelines that came into effect on June 1, 2025.
Incident Response Leadership:
Experienced in guiding organizations through data breach incidents, including seamless engagement with the PDPC and timely notification procedures.
Data Forensic Computing Insights
Leveraging his specialized background to understand data vulnerabilities, potential breach points, and secure data handling processes from a technical perspective.
Strategic Advisory:
Proven track record in developing tailored data protection frameworks, advising on data processing agreements, and ensuring vendor accountability.
Compliance Audit & Gap Analysis:
Proven track record in developing tailored data protection frameworks, advising on data processing agreements, and ensuring vendor accountability.
Culture Cultivation:
Dedicated to fostering a strong data protection culture within client organizations through effective training and awareness programs.
Is a DPO Mandatory for Your Business?
The law is clear. Your organization is required to appoint a DPO if you fall into any of these categories:
You process personal data of more than 20,000 individuals.
You process sensitive personal data (including financial information) for more than 10,000 individuals.
Your activities involve regular and systematic monitoring of personal data (e.g., extensive CCTV, behavioral tracking for marketing).
Our DPO-as-a-Service: Beyond the Checklist
For many SMEs, hiring a full-time, in-house DPO with the requisite specialized knowledge and independence is neither practical nor cost-effective. Cygnus TrustGuard™ offers a flexible and robust outsourced DPO solution, providing you with qualified and experienced professionals like Eugene without the overheads. We recommend a minimum 2-year term for our outsourced DPOs to ensure stability and consistent oversight.
What Your Dedicated DPO-as-a-Service Includes:
Expert PDPA Guidance & Advisory:
Clear, practical advice on all aspects of PDPA compliance, including risk assessments and Data Protection Impact Assessments (DPIAs).
Proactive Compliance Audits:
Regular, thorough audits of your data processing activities to identify gaps and ensure ongoing adherence.
Data Protection Framework Development:
Assistance in drafting, revising, and implementing robust data protection policies, guidelines, and procedures tailored to your business.
Comprehensive Compliance Training:
Engaging workshops on Cyber Hygiene & Safe Computing, empowering your employees to become your first line of data defence.
Data Breach Management:
In case of a breach, our DPO liaises with the PDPC, manages mandatory notifications, and leads incident response.
Data Subject Rights Interface:
Handling inquiries and requests from individuals regarding their data rights (e.g., access, correction, erasure).
Your Responsibilities: A Partnership in Compliance
Once your DPO is in place, certain post-appointment requirements become vital:
Registration with PDPC:
Your DPO must be registered with the Personal Data Protection Commissioner within 21 days of their appointment.
Public Contact Information:
email, separate from personal accounts) must be published on your official website and other official media.
Organizational Support:
Provide adequate resources and ensure the DPO’s independence, timely involvement, and direct access to senior management.
Clarity on DPO Liability
It’s important to understand: The DPO is not personally liable for data protection compliance failures. The ultimate responsibility for compliance with the PDPA 2010 always remains with the data controller/data user or data processor – that is, your organization. Our DPO-as-a-Service helps you fulfill that responsibility effectively.
Don’t wait until it’s too late. The June 1, 2025 deadline is here. Ensure your organization is compliant and your data is secure. Contact Cygnus TrustGuard™ today to learn how our DPO experts like Eugene can partner with you.
