Oct

19

A Journey to PDP Law Compliance: Data Privacy Transfer in Indonesia

Data is a valuable currency in this new world. In the midst of digital transformation, the Indonesian government has taken the final decision to pass the Pelindungan Data Pribadi (PDP) Bill by September 2022. The PDP Law applies to all businesses established in Indonesia and puts the consumer in control. The task of complying with this regulation falls upon businesses. Prior to the PDP Law, there was no protection for data privacy under the law in Indonesia. The newly enacted PDP Law may attract more investment to Indonesia. Regulation in Indonesia continues to develop to make doing business easier, as well as to protect the public interest.

The PDP Law affects a variety of business operations. Business institutions across the country rely on sharing data, often customer information, to conduct marketing activities, to measure customer financial capabilities, to measure customer shopping habits, to measure product outcomes or to evaluate the product satisfaction rates. This article will describe how the newly enacted PDP Law regulates data privacy transfer.

Pursuant to the PDP Law, “Personal Data” is defined as any data about individuals identified or identifiable individually or in combination with other information either directly or indirectly through electronic or non-electronic systems. In carrying out the protection of personal data in Indonesia, there are two interrelated parties, namely the subject of personal data and the controller of the personal data. The subject of personal data is an individual to whom personal data is attached. Meanwhile, the controller of personal data is any person, public body or international organization that acts individually or jointly in determining the purpose and carrying out control over the processing of personal data. Everyone in this case is an individual or corporation, while a public body means an institution related to the administration of the state.

The subject of personal data has the right to obtain information about clarity of identity, the basis of legal interests for the purpose of the request and use of personal data, as well as the accountability of the party requesting the personal data. The purpose and use of personal data other parties must be known by the owner of the personal data. The personal data controller must obtain explicit, valid consent from the personal data subject in order to be able to process the personal data.

Pursuant to the data privacy transfer, according to Article 55 paragraph (1) of the PDP Law, the personal data controller may transfer personal data to other personal data controllers in the jurisdiction of Indonesia. Meanwhile, in transferring personal data and those who receive personal data transfers, they are required to protect the personal data as stipulated in the PDP Law.

Thus, we can convey that, basically, the transfer of personal data between companies in the territory of Indonesia is allowed as long as it is in accordance with the provisions of the PDP Law, such as the consent from the personal data subject has been in accordance with the conditions for obtaining data subject's data. In addition, the transfer or sharing of personal data between companies must be in accordance with the principles of personal data protection, such as protection from unauthorized access or leakage of personal data (unauthorized disclosure).

How Schinder Can Help

Schinder Law Firm is a leading corporate law firm in Indonesia, addressing commercial disputes and general corporate matters, which covers PDP Law compliance services. Our team of corporate lawyers and dispute lawyers have forged a reputation for assisting various clients across the globe. Moreover, our Privacy, Data Protection and Cybersecurity practice group is a pioneer in providing data privacy law services in Indonesia. As Indonesian business lawyers, we have extensive experience providing daily legal services in commercial contracts, and law and regulatory compliance. If you have inquiries related to PDP Law Compliance, please feel free to send a message to info@schinderlawfirm.com.

Author: Budhi Satya Makmur

Let Us Be Your Guide.
Our thorough understanding of local culture
ensures that your business will be in compliance
with all laws and regulations and receive
a warm welcome in the community.

Dear valued Visitor,

Data is a valuable currency in this new world. In the midst of digital transformation, the Indonesian government has taken the final decision to pass the Pelindungan Data Pribadi (PDP) Bill by September 2022. The PDP Law applies to all businesses established in Indonesia and puts the consumer in control. The task of complying with this regulation falls upon businesses.

The PDP Law affects a variety of business operations, including how your sales team prospect and how marketing initiatives are managed. Businesses have had to reassess their business procedures, applications, and forms. Additionally, all businesses that work with personal data should designate a Data Protection Officer (DPO) or data controller to oversee PDP compliance.

In line with this spirit, it gives us great pleasure to announce and share with all our esteemed clients and business associates that Schinder Law Firm is prepared to assist your company to understand the impacts of the Personal Data Protection Law (PDPL) and take the required measures to comply with the law. Our Privacy, Data Protection, and Cybersecurity practice group is a pioneer in providing data privacy law services in Indonesia. Personal data protection services include but are not limited to:

  • Assessing the existing systems, processes, and controls, etc.
  • Providing provide gap assessment on the existing systems, processes, and controls, etc.
  • Developing and ensuring contracts and agreements comply with the PDP Law
  • Developing policies, best practices, and procedures
  • Advising on the security of personal data and managing data breaches
  • Acting as the Data Protection Officer (DPO) and advising upon the appointment, role, and responsibilities of a data protection officer
  • Advising on cross-border transfers of personal data
  • Carrying out data protection impact assessments and data protection audits
  • Recommending other necessary corrective actions in order to comply with the PDP Law
  • Training on the PDP Law tailored to clients’ businesses

We look forward to many more opportunities in the year ahead with your continued support and trust. For consultation, please send us a WhatsApp or Email.

Warmest regards,
Naz Schinder
Managing Partner

Keep Up with the New Law in Indonesia: Personal Data Protection

  • Assessing the existing systems, processes and controls, etc.
  • Providing provide gap assessment on the existing systems, processes and controls, etc.
  • Developing and ensuring contracts and agreements comply with the PDPL.
  • Developing policies, best practices and procedures.
  • Advising on security of personal data and managing data breaches.
  • Acting as the Data Protection Officer (DPO) and advising upon the appointment, role and responsibilities of a data protection officer.
  • Advising on cross-border transfers of personal data.
  • Carrying out data protection impact assessments and data protection audits.
  • Recommending other necessary corrective actions in order to comply with the PDPL.
  • Training on the PDPL tailored to clients’ businesses.
Privacy, Data Protection and Cyber Security
We help our clients to understand the impact of the Personal Data Protection Law (PDPL) on their companies and take the required measures to comply with the law.