Understanding The New Data Protection Regulations in Indonesia

Indonesia will implement the new data protection regulations following concern breaches. Read more to find out how it affects your business.

For a few years, there have been growing worries about personal data security – particularly in light of the countless credit and loan offers distributed via phone and haphazard short messages. With this, enforcement through specific data protection regulations has become essential.

At least 1,227 public and private institutions have access to information about the personal data of Indonesian citizens. The Home Affairs Ministry, responsible for maintaining Indonesian people’s personal data, acknowledged the issue last year.

Several laws and regulations govern the protection of people’s data, including Law Number 24 of 2013 concerning Population Administration and the Minister of Home Affairs Regulation Number 61 of 2015. However, there is no apparent penalty for any institution found to be leaking personal data.

Ira Aprilianti, a researcher at the Center for Indonesian Policy Studies (CIPS), has urged the DPR to enact the Bill on Protection of Personal Data. It’s common for e-commerce service providers to misuse personal data stored.

Many customer data is shared and traded by fintech companies in several instances without the customer’s consent.

The Implementation of Personal Data Protection Law

After much anticipation, the Indonesian legislature finally approved the Personal Data Protection Law (PDP Law). The new law makes data handlers accountable for up to five years in prison if they misuse or leak personal data. The bill itself has been under discussion for more than a year. The PDP Law states that offenders may face up to six years of imprisonment for fabricating personal information for their own benefit.

The law also includes corporate penalties that, in the event of a data leak, can be as high as 2% of the company’s annual sales. It is possible to seize or sell off the company’s assets for exposing personal data.

The new law was passed in response to a spate of data breaches and leaks that allegedly affected not just individuals but also numerous businesses and the national government. The COVID-19 vaccination records of Indonesian President Joko Widodo were exposed by a contact-tracing app last year.

After Singapore, Malaysia, Thailand, and the Philippines, Indonesia is now the fifth nation in Southeast Asia to have special legislation on protecting personal data due to the recent change.

With the PDP Law, establishing a company in Indonesia will have more dynamic and sager. The Act must be stated in an agreement to safeguard all Indonesian citizens’ personal information.

Understanding The New Data Protection Regulations in Indonesia

A New Hope

Like oil a few decades ago or spices in the ancient islands, which were said to be more precious than gold, data is essential today. According to Sukamta, a member of Commission I of the House of Representatives (DPR), data has become a very alluring source of money in this digital age.

Residents of Indonesia will have various privacy rights under the Act, including the ability to access, delete, and restrict their personal information. They will also be entitled to seek compensation for data breaches.

How to Safeguard Company Data

Data protection has become crucial for organizations in recent years. Knowing how to protect your business data is essential, regardless of whether you own a small startup or a major corporation. Here are a few suggestions for safeguarding your company’s data.

1. Establish a reliable security plan

A cybersecurity plan should include enough specifics to explain how to safeguard data and what to do if something goes wrong. A preemptive approach will enable you to stop any dangers impacting your company.

2. Educate staff

The human aspect is frequently the most prominent data protection issue. Survey research claims that up to 55% of data breaches are employees’ fault.

Ensure that all staff members receive training on cybersecurity rules, compliance requirements, and best practices for handling sensitive corporate data. Conduct frequent training sessions to assist the staff in acquiring the skills and knowledge necessary to protect company data adequately.

3. Create a response system

Despite all the precautions, there is always a danger that anything could go wrong. Even the best-laid data protection plans include vulnerabilities you may have yet to consider. You can keep ready for the worst-case scenario, should it occur, by taking a proactive attitude.

4. Establish a culture of security

Any attempt to improve data security can only be successful if there is a change in the organization’s culture. Even if you recognize the value of cybersecurity, it won’t matter much if people who handle data don’t. The weakest connections in your data security system are frequently your frontline staff members.

By implementing security regulations and rewarding top performers, the organization can improve its security culture and reinforce the value of safeguarding corporate data.

Businesses should pay extra attention to the security and protection of their data. Companies can save a ton of time by seeking help from InCorp Indonesia (formerly Cekindo) on company registration and other legal compliance matters to focus on more pressing tasks like the company’s data security.

Contact Our Consultant

Post Verificator

Verified by:​

Tjhia Edy Tarlesno

Edy is the Legal and Delivery Manager at Cekindo. He focuses on internal and external legal compliance with the laws of the Republic of Indonesia. During his career, he specialized in bankruptcy and insolvency at a law firm and also led a prominent social foundation in Indonesia. He is a sworn advocate at the Indonesian Bar Association, a licensed mediator from the Supreme Court of the Republic of Indonesia, a Certified Legal Auditor from the Indonesian Legal Auditor Association, and a Certified Legal Translator from the University of Indonesia.