Cemerlang Law & Privacy
Company Benefits Solutions Testimonials Request Consultation
Client satisfaction
Client Experiences

What Our Clients Say

Organisations across Malaysia share their experience working with Cemerlang Law on PDPA compliance — from initial assessment through to ongoing DPO support.

Back to Home
85+ Organisations Served
4.9 Average Rating
7 Years in Practice
200+ Policies Drafted
From Our Clients

Client Testimonials

AH

Ahmad Hafizi bin Rashid

Head of Compliance, Kuala Lumpur

"We engaged Cemerlang Law for a Gap Analysis ahead of a regulatory review. The team was thorough — they went through our entire data-handling chain rather than just reviewing documents on paper. The findings report was straightforward to understand, and the remediation plan gave us a practical path to work through."

PDPA Gap Analysis · February 2025
SR

Siti Rahayu Mohd Nasir

CEO, e-Commerce Platform, Selangor

"We needed privacy policies for our new mobile app — in both languages. Cemerlang Law turned around the first drafts within ten days, and the revision process was smooth. What I appreciated most was that the policies actually read like something a customer could understand, rather than pages of dense legal language."

Privacy Policy Drafting · January 2025
KL

Kelvin Lim Wei Jie

Operations Director, Fintech SME, KL

"We are on the DPO retainer and it has made a real difference to how we manage compliance internally. Having a named person to call when data questions come up — rather than wondering if we are handling something correctly — gives the team confidence. The quarterly reviews keep us accountable without being burdensome."

DPO Retainer · Ongoing since March 2024
PN

Priya Nair

HR Manager, Healthcare Admin, Penang

"The team drafted employee data-processing notices that our HR team could actually explain to staff during onboarding. It sounds like a small thing, but the previous notices we had were written in a way that nobody could really follow. This time, staff understand what they are consenting to, which is the whole point."

Privacy Policy Drafting · December 2024
ZA

Zulkifli bin Abdullah

IT Director, Retail Chain, Johor Bahru

"We had not reviewed our data practices in several years, so the gap analysis was quite revealing. Cemerlang Law identified several areas where our consent practices had drifted from what our privacy notice actually said. That kind of specific, actionable finding is exactly what we needed to justify internal changes to management."

PDPA Gap Analysis · January 2025
NI

Nur Izzati Kamaruddin

Legal Counsel, SaaS Company, Cyberjaya

"As in-house counsel, I wanted specialist input on cross-border data transfer requirements — an area where our previous advisors were not confident. Cemerlang Law provided a clear, structured assessment of which of our transfer arrangements needed to be formalised and how. The advice was precise, well-reasoned, and easy to act on."

DPO Retainer · Ongoing since July 2024
In Depth

Case Studies

Closer looks at how Cemerlang Law has supported specific organisations through their compliance challenges.

Case Study 01 · E-Commerce Platform

The Challenge

A Selangor-based e-commerce platform was preparing for a series B fundraise. Investors' due diligence process flagged that the company's privacy notice had not been updated since 2019 and did not cover several new data-processing activities introduced during product expansion.

Our Approach

Cemerlang Law conducted an expedited Gap Analysis covering the company's current data-processing activities, followed by a full redraft of the customer-facing privacy notice and internal employee data-processing policy. Both documents were delivered in English and Bahasa Malaysia within two weeks.

The Outcome

Investor due diligence concerns were resolved at the next review cycle. The company now holds documentation that accurately reflects current practices and has a clear internal process for updating notices when new processing activities are introduced. Series B fundraise completed on schedule.

"What impressed us most was how quickly Cemerlang Law understood our product and translated that into documentation that actually made sense to both our legal and product teams."

— Siti Rahayu Mohd Nasir, CEO
Case Study 02 · Financial Technology SME

The Challenge

A Kuala Lumpur fintech company processing payment data for SME clients had no formal compliance function. The founding team understood that PDPA obligations existed but had no structured approach to monitoring compliance, no breach-response plan, and had never completed PDPA registration.

Our Approach

Cemerlang Law commenced a DPO Retainer engagement, beginning with an initial compliance assessment and PDPA registration. We developed a breach-response playbook, a compliance dashboard, and delivered a half-day staff training session covering the team's practical data-handling responsibilities.

The Outcome

PDPA registration completed within the first month. Staff now have a clear understanding of their handling obligations. The quarterly review cadence has become a useful internal governance checkpoint. Company has successfully referenced its compliance programme in two enterprise client procurement processes.

"The compliance dashboard was something we did not realise we needed until we had it. Being able to show enterprise clients a clear, maintained record of our PDPA compliance has been a genuine commercial advantage."

— Kelvin Lim Wei Jie, Operations Director
Case Study 03 · Healthcare Administration Provider

The Challenge

A Penang-based healthcare administration company processing sensitive employee and patient data had existing policies but recognised that HR onboarding practices and patient data consent procedures were not aligned. They needed both a gap review and updated internal documentation.

Our Approach

We conducted a targeted Gap Analysis covering HR onboarding flows and patient consent mechanisms, then prepared revised employee data-processing notices and updated consent forms for patient data. All documents were reviewed against both PDPA requirements and the company's specific operational context.

The Outcome

Onboarding and consent procedures now accurately reflect PDPA requirements. HR team reports that staff have a clearer understanding of why data is collected and what it is used for. Company identified and addressed three specific consent-collection practices that would have presented risk in a regulatory examination.

Contact Details

Reach Out to Our Team

Office

Suite 11-2, Menara Cemerlang,
Jalan Stesen Sentral 2, 50470 KL

Hours

Monday–Friday: 9:00 AM – 6:00 PM
Saturday: 9:00 AM – 1:00 PM

Professional Credentials

Trust Indicators

Malaysian Bar Member

All practitioners in good standing under the Legal Profession Act 1976

Asialaw Emerging Practice Recognition

Recognised in data privacy advisory for Malaysia (2024)

PDPC Engagement Participant

Active in Personal Data Protection Commissioner consultation programmes

Join Our Growing Client Base

We work with Malaysian organisations that take their PDPA obligations seriously and want structured, professional support to fulfil them. Reach out to begin the conversation.

Request a Consultation