Is It Legal to Run Background Checks in Malaysia? What Every Employer Must Know

Posted on August 6, 2025

The Short Answer: No—Not Without Conditions

In today’s data-driven world, background checks without consent in Malaysia can be risky and unlawful.

In Malaysia, you generally cannot perform a background check without the individual’s consent, unless you meet very specific criteria under the Personal Data Protection Act (PDPA) 2010. The Act regulates how personal data is collected, processed, and used, including during background screening in Malaysia.

What PDPA Malaysia Says About Consent

The PDPA Malaysia has seven key principles. When it comes to background checks, two are especially important:

Notice and Consent Principle – You must inform and get consent from the individual before collecting or processing their personal data.

Purpose Limitation Principle – You must only use the data for legitimate and clearly defined purposes such as employment screening.

This means any PDPA-compliant background check must involve clear, documented consent unless an exception applies.

When You Can’t Skip Consent

You must NOT proceed with a background check if:

The candidate or employee has not given written consent

The data collected goes beyond the purpose stated

You’re using third-party sources without disclosure

You’re screening for personal or unrelated purposes

Doing so could lead to penalties, lawsuits, or damage to your employer brand.

When a Background Check Without Consent Might Be Allowed (Limited Cases)

There are narrow scenarios where consent may not be needed, usually for public interest or legitimate legal grounds. These may include:

Court orders or legal investigations

Regulatory or compliance screenings under specific laws (e.g., AMLA, BNM, MACC Section 17A)

Screening for fraud prevention or due diligence, if justified under “legitimate interest” and properly documented

Even then, you should always consult your legal or compliance team, and ensure that the process is still aligned with PDPA rules.

What Is the PDPA-Compliant Way to Run Background Checks?

To stay on the right side of PDPA Malaysia, here’s what employers must do:

Get written consent before initiating any employment check

Explain what you’re screening for (e.g., education, criminal, reference)

Only collect what is necessary for hiring or employment

Use a certified provider like Verity Intelligence that is ISO 27001 certified and PDPA-compliant

Want to Run Fast, Compliant Checks?

Use VERISafe, Verity’s instant background screening tool designed for PDPA-compliant use by employers.

It checks for:

Criminal records

Global sanctions

Watchlists

Blacklists

Stay safe, stay smart, and always screen with a trusted, PDPA-compliant provider such as Verity Intelligence.
