The Legal Insight Podcast by HHQ

The PDPA has changed—and so has the tone of enforcement. In this first episode of The Malaysia PDPA Authority Series, we sit down with Prof. Dr. Mohd Nazri bin Kama, former Personal Data Protection Commissioner of Malaysia, to understand what the 2024 PDPA Amendments really mean for businesses, legal practitioners, and the future of privacy in Malaysia. Expect clarity, context, and real talk about:   • Why the PDPA is no longer a “paper tiger”   

• The top enforcement priorities for 2024   

• How companies can finally get their compliance journey started   

• Practical steps for building a privacy-first culture

This podcast is produced by HHQ’s Business Development team. For speaking enquiries, visit https://hhq.com.my/podcast/

🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on the latest episodes.

The conversation continues. The Securities Commission Malaysia is exploring tokenisation—what are the trade-offs?

In Part 2 of our special series on the SC’s consultation paper, we examine the legal, technical, and operational considerations around tokenised capital market products.

In this episode, Technology Practice Group Partners Ong Johnson and Khai Yi Lo are joined by Derrick Leong, Head of Legal and Compliance at IX Swap, with Zach Shaw hosting, to discuss:

• The rationale for dual record-keeping and its impact on blockchain solutions
• Key compliance considerations for issuers and registered market operators
• Enhanced disclosure requirements and SME readiness
• GTRM compliance: necessary safeguard or excessive burden?
• Next steps for Malaysia’s tokenisation roadmap

Whether you’re a legal advisor, regulator, or digital-asset entrepreneur, this episode offers a balanced look at the regulatory framework shaping Malaysia’s tokenisation journey.

🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on the latest episodes.

Tokenisation isn’t coming. It’s here.
And the Securities Commission Malaysia wants your views.

Grab a snack and tune into this mega-episode of The Legal Insight Podcast, where we explore the SC’s public consultation paper on tokenised capital market products and what it means for fintech, legal, and investment players across the country.

In today’s episode, our Technology Practice Group Partners, Ong Johnson and Lo Khai Yi, return with special guest Derrick Leong, Head of Legal and Compliance at IX Swap, hosted by Zach Shaw, to unpack:

✅ What tokenisation really means (yes, with Lego analogies)
✅ Digital twin tokens vs. native tokens and why it matters
✅ The SC’s phased approach, is it wise or too cautious?
✅ Public vs. private chains and the battle of transparency vs. control
✅ Why dual compliance could slow Malaysia’s fintech growth

💡 Whether you’re a legal counsel, regulator, or crypto founder, this is the regulatory debate you can’t miss.

🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on the latest episodes.

The “Wild West” days are over. Malaysia’s consumer credit space is going legit — and fast.

In this Part 2 of our deep dive into the Consumer Credit Bill 2025, we go beyond the basics and into the practical challenges facing Buy Now Pay Later (BNPL) providers and other fintech players.

In this episode of the HHQ Legal Insight Podcast, our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, join host Zach Shaw to answer the tough questions:

✅ What happens if you operate BNPL without a licence?
✅ What is the actual licensing process — and how strict is it?
✅ Can startups survive the financial and regulatory hurdles?
✅ What are the “fit and proper” tests for business owners?
✅ Can you buy a BNPL business — or transfer a licence?
✅ How should existing operators start preparing today?

💡 If you’re in fintech, compliance, or credit services — this episode is your survival guide.

🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on our latest episodes.

Fintech is growing up — and so are the regulations.

Join us on The Legal Insight Podcast today as we unpack the Consumer Credit Bill 2025 — a game-changing law that’s about to reshape Malaysia’s consumer credit landscape.

In this episode of the The Legal Insight Podcast by HHQ, join our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, alongside host Zach Shaw, as they dive into:

✅ What the Bill actually regulates — from BNPL to factoring & leasing
✅ How the Bill draws the line between legal & illegal credit businesses
✅ Why unlicensed operations could face RM5 million fines or jail time
✅ Practical distinctions between BNPL vs. factoring vs. leasing
✅ Why this law signals fintech’s shift from grey area to compliance era

💡 If you’re running or advising a fintech or credit business — this episode is your compliance wake-up call.

🔔 Don’t forget to like, subscribe, and hit the notification bell to stay updated on our latest episodes.

With the latest amendments to Malaysia’s Personal Data Protection Act 2024, organizations are now legally required to report qualifying data breaches within 72 hours of discovery—or risk non-compliance.

In this episode of the HHQ Legal Insight Podcast, join our Technology Practice Group Partners, Ong Johnson and Khai Yi Lo, alongside host Zach Shaw, as they dive into:

✅ What triggers a mandatory data breach notification under the PDPA
✅ The meaning of “significant harm” and how to assess it
✅ DPO’s role in managing incidents and reporting to the Commissioner
✅ 72-hour response timeline – what to do and how to act fast
✅ Practical actions companies must take in the first hours after a breach
✅ Notifying affected data subjects and managing reputational risk

If you’re responsible for compliance, legal risk, or cybersecurity, this episode is a must-listen.

💬 𝐍𝐞𝐞𝐝 𝐡𝐞𝐥𝐩 𝐧𝐚𝐯𝐢𝐠𝐚𝐭𝐢𝐧𝐠 𝐝𝐚𝐭𝐚 𝐛𝐫𝐞𝐚𝐜𝐡 𝐜𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞?
Schedule a free consultation with our Technology Practice Group

In this episode of the Legal Insight Podcast, we dive into the critical requirements around appointing a Data Protection Officer (DPO) under Malaysia’s Personal Data Protection (Amendment) Act 2024. Schedule a free consultation at https://hhq.com.my/DPO Join Zach Shaw, along with Ong Johnson and Lo Khai Yi, Partners of HHQ’s Technology Practice Group, as they unpack:

• What exactly a DPO does and why the role is crucial.

• Who needs to appoint a DPO under the new thresholds.

• The pros and cons of appointing an internal vs outsourced DPO.

• Key qualifications, skills, and responsibilities every DPO should meet.

• Consequences of non-compliance with DPO appointment obligations.

Whether you’re running a growing business or managing compliance for a large organization, this episode offers practical guidance on strengthening your data governance framework before the 1 June 2025 compliance deadline.

In this episode, we continue our deep dive into the Personal Data Protection (Amendment) Act 2024 and what it means for businesses in Malaysia. Our lawyers, Ong Johnson, Head of the Technology Practice Group, and Lo Khai Yi, Co-Head of the Technology Practice Group at HHQ, break down: 

✅ The three-stage rollout of the amendments 📅

✅ What companies need to do to stay compliant 🏢

✅ The introduction of Data Protection Officers (DPOs) – who needs one, what they do, and whether outsourcing is an option 🔍

✅ The mandatory data breach notification requirement and its impact ⚠️

✅ The right to data portability and how it gives individuals more control over their personal data

Learn more about our DPO Outsourcing Services at www.hhq.com.my/DPO.

📌 Malaysia’s Personal Data Protection (Amendment) Act 2024 is here—but will it truly change the game, or is it just another paper tiger? In the first episode of Season 2 of The Legal Insight Podcast, we break down the key changes enshrined in Malaysia’s latest Personal Data Protection (Amendment) Act 2024 and analyze whether businesses should brace for real regulatory enforcement or if this is just another compliance formality. 

Featuring:

🔹 Johnson & Khai Yi – Partners, HHQ Technology Practice Group

Discussion Points:

🔍 Tougher Compliance Standards – Are businesses ready for the stricter data security requirements?

⚖️ Stronger Enforcement & Penalties – With increased fines and potential criminal liability, will regulators step up enforcement?

🌍 Cross-Border Data Transfers – How do the new rules align Malaysia with global data protection laws?

👥 Consumer Rights & Protection – Will individuals have more control over their personal data, or will enforcement remain weak?

🚀 Practical Steps for Businesses – What should companies do NOW to stay compliant and avoid hefty penalties?

With privacy regulations tightening worldwide, is this Malaysia’s turning point for serious data protection enforcement, or just a legislative update with little real impact? Our experts give their take with practical insights, case studies, and strategic advice for businesses navigating these changes.

💡 Don’t wait until enforcement knocks on your door—stay ahead of the curve.

Find out more about our DPO Outsourcing Services in Malaysia here: www.hhq.com.my/DPO.

Welcome back to The Legal Insight Podcast, Malaysia’s go-to legal podcast for navigating complex legal landscapes. In Episode 14, we dive deep into the Cyber Security Act 2024 to unpack one of the most pressing topics today—Cyber Security Incident Notification. 

🚨 What qualifies as a cyber security incident? 

🚨 When should an organization notify the authorities? 

🚨 What are the legal consequences of failing to comply? 

Join Zach Shaw as he hosts an insightful discussion with Ong Johnson (Head of Technology Practice Group), Lo Khai Yi (Co-Head of Technology Practice Group), and Nicole (Associate). 

Together, they break down the Act’s notification requirements, what organizations need to do immediately after an incident, and the serious penalties for non-compliance. 

🎯 Key Takeaways: 

• Understanding the triggers for notification under the Act 

• Immediate steps to take after discovering a cyber security incident 

• Legal obligations within 6 hours and 14 days post-incident 

• Strategies to strengthen your organization’s cyber security readiness 

💡 Whether you’re a business leader, compliance officer, or legal professional, this episode is packed with actionable insights to help you stay ahead of cyber threats and regulatory risks.

The Cyber Security Act 2024 is here, and it’s bringing major changes to the cybersecurity landscape. In Episode 13 of The Legal Insight Podcast, join Ong Johnson, Lo Khai Yi, and Nicole as they break down everything you need to know about the new licensing requirements for service providers.

🔑 Key topics include:
– Who Needs a License? The services and businesses affected by the Act.
– Application Process & Deadlines: Tips for navigating the licensing system.
– Compliance Risks & Penalties: Avoid fines of up to RM500,000 or imprisonment.
– Impact on International Providers: What foreign businesses must consider.

If you’re in the cybersecurity industry or rely on these services, this episode offers practical guidance to ensure compliance and protect your business.

Don’t forget to like, comment, and subscribe for more legal updates from HHQ!

Connect with HHQ
Website: https://hhq.com.my

#CyberSecurityAct2024 #LegalUpdates #HHQPodcast

“‘Are your AI systems labeled high-risk? If so, your obligations just multiplied”

The Legal Insight Podcast – Episode 12: Prohibited AI Practices Under the EU AI Act

In this episode of The Legal Insight Podcast, we dive deep into the European Union Artificial Intelligence Act (EU AI Act) with insights from Ong Johnson and Lo Khai Yi, leaders of HHQ’s Technology Practice Group. Discover the implications of the Act’s prohibited AI practices and how they impact innovation and compliance. From Manipulative and Exploitative AI Systems to Social Scoring and Biometric Categorisation, we break down the Act’s regulations, their rationale, and what businesses must do to navigate them. 

🎙 Key Highlights: 

The ethics and risks behind Manipulative and Exploitative AI. Social Scoring AI Systems: Where dystopia meets regulation. 

• Consequences of non-compliance: Fines and global enforcement. 
• Practical steps for companies to audit, adapt, and align with the EU AI Act. 
• Tune in to explore how this groundbreaking legislation reshapes the intersection of AI, ethics, and compliance. 

🔗 Download our 4-Step Self-Assessment Guide for High-Risk AI Systems here to evaluate your AI systems and ensure they align with the EU’s regulatory standards: https://hhq.com.my/wp-content/uploads/2024/11/EU-AI-Act-Self-Assessment-HHQ.pdf 

In Episode 11 of The Legal Insight Podcast, we dive into the European Union Artificial Intelligence Act—a transformative regulation impacting AI across industries worldwide. Host Zach is joined by Technology Practice Group leaders, Ong Johnson and Lo Khai Yi, who unpack the complexities of this 144-page legislative framework. Together, they explore the Act’s extraterritorial scope, impacting companies far beyond the EU’s borders, and explain the risk-based approach that applies distinct compliance obligations based on AI systems’ risk levels. 

Key insights cover: 

• The EU AI Act’s risk-based approach to categorizing AI systems 
• The phased implementation timeline and what it means for global AI providers 
• Clear distinctions between “AI Systems” and “General-Purpose AI Models” to determine compliance obligations 
• Prohibited AI practices coming into effect in early 2025 and how companies can start preparing 

Whether you’re a tech professional, in-house counsel, or simply curious about the legal landscape of AI, this episode provides essential insights into navigating compliance and innovation in the AI-driven future.

Derrick Leong is the Head of Legal & Compliance at IX Swap—the pioneering DeFi platform enabling the trading of real-world assets (RWA) through licensed custodians and broker-dealers. IX Swap’s mission is to democratize access to private market investments and tackle illiquidity using blockchain technology like Automated Market Making (AMM), liquidity pools, and DeFi. In Episode 10, we continue with Part 2 of diving into DeFi, NFTs, and central bank digital currencies (CBDC). Ong Johnson heads the Technology Practice Group, concentrating his expertise on high-stakes and complex litigation and transactional cases spanning Technology, Media, and Telecommunications (TMT), Corporate and M&A, Intellectual Property (IP), Privacy, Fintech, and Digital Transformation Infrastructure and Projects. Khai Yi’s passion for technology has helped him built an expertise in the dynamic and complex fields of Technology, IP, TMT, and Corporate and M&A. In the current landscape where digitisation and digitalisation are the trend, Khai Yi has placed himself strategically in a position where his skillsets and understanding of the evolving industries are able to be put to good use to benefit his clienteles. 

Derrick Leong is the Head of Legal & Compliance at IX Swap—the pioneering DeFi platform enabling the trading of real-world assets (RWA) through licensed custodians and broker-dealers. IX Swap’s mission is to democratize access to private market investments and tackle illiquidity using blockchain technology like Automated Market Making (AMM), liquidity pools, and DeFi. In Episode 9, we begin a two-part series diving into digital assets, real-world asset tokenization, and evolving regulations with a special guest, Derrick Leong: In Part 1, we explore fractional ownership, tokenization trends, and the regulatory landscape. Stay tuned for Episode 10 (Part 2), where we dive deeper into DeFi and its future.

In this episode, Ong Johnson, Lo Khai Yi, and Zach Shaw continue the second part of our series on Malaysia’s newly gazetted Cyber Security Act 2024. We delve into the obligations for National Critical Information Infrastructure (NCII) entities and the repercussions of non-compliance, offering actionable guidance on how these developments may affect your business. Discover the steps you can take to ensure compliance and stay ahead in Malaysia’s rapidly evolving cybersecurity landscape.

In this episode, Ong Johnson, Lo Khai Yi, and Zach Shaw begin a two-part series on the Cyber Security Act 2024 in Malaysia. We explore the Act’s introduction of national critical information infrastructure (NCII) and the new licensing requirements for cybersecurity service providers. 

Learn how these changes could impact your business and what steps you should take to ensure compliance. Tune in for valuable insights into Malaysia’s evolving cybersecurity landscape. 

New podcast episodes are released every second and fourth Thursday of the month. Subscribe to HHQ and tap the bell icon to get notified when the next episode releases. 

Ong Johnson heads the Technology Practice Group, concentrating his expertise on high-stakes and complex litigation and transactional cases spanning Technology, Media, and Telecommunications (TMT), Corporate and M&A, Intellectual Property (IP), Privacy, Fintech, and Digital Transformation Infrastructure and Projects. 

Khai Yi’s passion for technology has helped him built an expertise in the dynamic and complex fields of Technology, IP, TMT, and Corporate and M&A. In the current landscape where digitisation and digitalisation are the trend, Khai Yi has placed himself strategically in a position where his skillsets and understanding of the evolving industries are able to be put to good use to benefit his clienteles. 

The Legal Insight Podcast is hosted by Zach Shaw, Business Development Director of HHQ.

In this episode, Ong Johnson, Lo Khai Yi, and Zach Shaw dive into the transformative world of blockchain technology, focusing on the emerging trend of Real-World Assets (RWAs) tokenization. As blockchain adoption accelerates globally—especially with the recent U.S. approval of Spot Bitcoin ETFs—many companies remain hesitant to embrace this technology. We explore the reasons behind this hesitation and demystify the concept of RWAs tokenization, highlighting its profound implications for businesses across sectors.

This discussion is based on the Air Canada case surrounding AI chatbot hallucinations. The conversation seeks to explore the issues surrounding the legal risks of deploying AI Chatbots, and the best practices for managing those potential implications.

This discussion is titled ‘Licensing of Data for AI Model Training’. The conversation seeks to explore the issues surrounding the method of which AI companies source for data to train AI models, and how content creators/data providers can work with AI companies to create a win-win situation in this growing industry.

Exploring the Legal Implications of AI as Inventors: UK Patent Law Perspective HHQ 174 subscribers Analytics Edit video 13 Share Promote 306 views Premiered on 28 Jun 2024 The Legal Insight Podcast by HHQ Today’s discussion covers insights from our recent article titled ‘Exploring the Legal Implications of AI as Inventors: UK Patent Law Perspective’. The conversation seeks to clarify the position of the law on whether AI can be named as an inventor under a patent application.

Related reading: https://hhq.com.my/posts/exploring-the-legal-implications-of-ai-as-inventors-uk-patent-law-perspective/ 

This discussion covers insights from our recent article titled ‘Whether AI-Generated Work Could Be Protected by Copyright Law’. The article explores the rights of creators to the output produced by Generative AI systems (non-human-authors) such as ChatGPT, Stable Diffusion, DALL-E, and Midjourney.

Related reading: https://hhq.com.my/posts/whether-ai-generated-work-could-be-protected-by-copyright-law/ 

Welcome to the first episode of The Legal Insight Podcast by HHQ. This discussion covers insights from our recent article titled ‘Addressing Copyright Infringement and Challenges in AI Training’. The article highlights the potential risks of copyright infringement when training artificial intelligence, and how companies can manage those risks while remaining competitive.

Related reading: https://hhq.com.my/posts/addressing-copyright-infringement-and-challenges-in-ai-training/