About Cemerlang Law
A dedicated legal practice focused on data privacy and PDPA compliance for Malaysian organisations — built on transparent advice and measurable outcomes.
Back to HomeEstablished to Address a Genuine Need
Cemerlang Law was established by a group of legal practitioners who observed a consistent gap in the Malaysian market: organisations knew they had obligations under the Personal Data Protection Act 2010, but lacked the specialised guidance needed to translate those obligations into workable internal processes.
From a modest start advising technology SMEs in the Klang Valley, the firm has grown its practice to serve clients across financial services, healthcare administration, retail, and professional services. Each engagement has reinforced the same principle: compliance that is understood is compliance that is sustained.
Today, Cemerlang Law operates from the heart of Kuala Lumpur Sentral, providing PDPA advisory, privacy documentation, and outsourced data protection officer services that are straightforward to implement and proportionate to client scale.
Our Mission
To make PDPA compliance accessible and understandable for Malaysian organisations of all sizes — providing structured legal support that removes uncertainty and builds long-term data-governance capability.
Our Vision
A business landscape in Malaysia where personal data is handled with care, transparency, and legal rigour — where data subjects can trust that organisations process their information responsibly.
Our Values
Transparency in every engagement. Precision in every document. Accountability in every recommendation. We treat client confidentiality and data-subject rights with equal seriousness.
The Team Behind Cemerlang Law
Practitioners who combine legal expertise with practical knowledge of how organisations actually process data.
Syahrul Ridhwan
Founding Partner, Data PrivacyCalled to the Malaysian Bar with over a decade in corporate advisory, Syahrul leads the firm's PDPA practice and has guided more than 80 organisations through compliance assessments and regulatory correspondence.
Nurul Farhana
Senior Associate, Privacy DocumentationFarhana specialises in drafting privacy policies, data-processing agreements, and consent frameworks for digital products. She brings a structured approach to translating regulatory language into practical documentation.
Kartini Teh
Associate, Compliance & DPO ServicesKartini manages the firm's outsourced DPO engagements, overseeing client compliance dashboards, breach-response planning, and staff training programmes across a range of industry sectors.
Quality Standards & Professional Protocols
Every engagement at Cemerlang Law is conducted under a consistent set of professional standards to protect both our clients and the individuals whose data they handle.
Legal Professional Privilege
All information shared with Cemerlang Law during an engagement is protected by legal professional privilege. Clients can speak openly and share sensitive materials without concern.
Formal Engagement Letters
We issue a formal engagement letter before any substantive work begins. This sets out the scope, fees, timelines, and our respective responsibilities — ensuring full transparency from the outset.
PDPA-Compliant Internal Practices
As a data privacy firm, we hold ourselves to the standards we advise others on. Client data is processed strictly within PDPA requirements and stored on secure, access-controlled systems.
Continuing Professional Development
Our practitioners complete regular training on Malaysian data protection developments, regional privacy law changes, and best-practice frameworks to ensure advice remains current.
Clear Communication at Every Stage
We provide written summaries at key engagement milestones. Clients are never left uncertain about where their project stands or what decisions they need to make.
Malaysian Bar Council Membership
All legal practitioners at Cemerlang Law are members in good standing of the Malaysian Bar and conduct their practice in accordance with the Legal Profession Act 1976 and applicable bar standards.
Data Privacy Legal Expertise in Kuala Lumpur
Cemerlang Law operates at the intersection of legal practice and data governance, serving Malaysian organisations that must navigate the Personal Data Protection Act 2010. The Act imposes seven binding principles — General, Notice and Choice, Disclosure, Security, Retention, Data Integrity, and Access — on any data user engaged in commercial transactions. Understanding how these principles translate into day-to-day processes is where our work begins.
Our team brings experience across technology startups, financial institutions, healthcare administrators, retail chains, and professional services providers. This breadth means we approach each engagement with contextual awareness of how data actually moves through your organisation — not just a theoretical checklist.
Situated in Kuala Lumpur Sentral, Cemerlang Law is well-placed to serve clients across the Klang Valley and engage with regulatory bodies as needed. Remote advisory is available for clients throughout Malaysia.
Ready to Work With Our Team?
Reach out to discuss your data-privacy requirements. We take the time to understand your situation before recommending a course of action.
Get in Touch