Harmoni Partners
Harmoni Partners team
About the Firm

A Firm Built Around Data Privacy in Malaysia

Harmoni Partners was established to give Malaysian organisations access to data protection advisory that is straightforward, grounded in law, and aligned with the realities of day-to-day business operations.

Back to Home

Our Story

Practical Guidance, Not Theoretical Frameworks

Harmoni Partners was founded in Kuala Lumpur by practitioners who had seen, firsthand, how poorly structured data protection approaches create avoidable risks for businesses. The firm was built on a straightforward premise: organisations that process personal data deserve advisory that works in the real world, not just on paper.

Our work is grounded in Malaysia's Personal Data Protection Act 2010 and shaped by ongoing engagement with regulatory developments across the region. We take the time to understand each client's actual data flows, business model, and operational constraints before making any recommendation — because a compliance framework that no one in the organisation can follow is of limited value.

Over the years, we have worked with organisations spanning financial services, healthcare, education, retail, and technology. Each engagement deepens our understanding of how privacy obligations interact with diverse operating environments — and that understanding informs every piece of advice we give.

8+

Years of Practice

340+

Clients Assisted

97%

Satisfaction Rate

Our Mission

To help Malaysian organisations build sound, sustainable approaches to personal data protection — reducing regulatory exposure and strengthening the trust of those whose data they hold.

Our Vision

A business environment across Malaysia where personal data is handled with genuine care, and where compliance is understood as a mark of good governance — not a burden.

Our Approach

We work alongside each organisation's existing teams — legal, IT, operations — without imposing external frameworks that don't fit. Our advisory is calibrated, specific, and delivered with clarity.

The Team

Experienced Professionals, Focused on Privacy Law

Our advisory team combines legal expertise, regulatory experience, and familiarity with how data flows through Malaysian organisations.

SR

Suria Rashid

Principal Advisor

Called to the Malaysian Bar with over twelve years in commercial and regulatory practice. Suria leads PDPA compliance assessments and manages engagement with the Personal Data Protection Commissioner's office.

DN

Darren Ng

Data Governance Specialist

Brings eight years of experience in information security and data governance frameworks. Darren works with clients on policy drafting, data retention scheduling, and staff training material development.

AK

Amirah Kamarudin

Regulatory & Breach Response

Specialises in incident response and regulatory proceedings. Amirah has coordinated breach response engagements across financial services, e-commerce, and healthcare clients in Malaysia.

Standards & Protocols

How We Work — and Why It Matters

The standards we hold ourselves to in every engagement reflect our commitment to advisory that is sound, considered, and genuinely useful.

Legal Accuracy

All advice is grounded in the current text of the Personal Data Protection Act 2010, subsidiary legislation, and guidance issued by the Commissioner's office.

Client Confidentiality

All client information, documents, and communications are treated with strict confidentiality. Non-disclosure provisions are standard in every engagement.

Clear Communication

We explain compliance requirements in plain language. Our written outputs are designed to be used by non-lawyers, not just filed away.

Ongoing Currency

We monitor regulatory developments and update our approach as guidance from the Commissioner's office evolves, keeping our advice current and relevant.

Structured Methodology

Every engagement follows a clear process — from initial scoping to delivery and follow-up — so clients always know where they stand and what to expect next.

Data Subject Awareness

Our compliance frameworks are designed with the rights of data subjects in mind — because building genuine trust requires going beyond minimum legal compliance.

Our Expertise

Advisory Depth in Malaysian Data Protection Law

Harmoni Partners works across the full spectrum of personal data protection obligations that apply to commercial organisations in Malaysia. Our advisory covers the seven data protection principles under the PDPA 2010 — including the Notice and Choice Principle, Disclosure Principle, and Security Principle — and extends to the specific provisions governing sensitive personal data processing under Section 40.

We have particular depth in cross-border data transfer analysis, having advised organisations transferring personal data to processing entities in Singapore, Hong Kong, India, and the United Kingdom. Our approach to these assessments draws on the Commissioner's whitelisted countries framework and the practical contractual measures available to organisations operating internationally.

Our data breach response engagements have included matters spanning ransomware incidents, unauthorised third-party access, and employee data misuse scenarios. In each case, we focus on helping the affected organisation understand its obligations quickly and respond in a way that is measured, well-documented, and appropriate to the circumstances.

Harmoni Partners also works with organisations preparing for audit or regulatory inquiry, developing internal documentation that demonstrates active engagement with PDPA obligations — from training records and consent logs to data processing registers and cross-border transfer assessments.

Speak with Our Team

Initial consultations are available without any prior commitment. We're happy to discuss your situation and explain how we may be able to assist.

Get in Touch