English | 中文 | 下载审德中文简介 

Sep

30

Ratification of Personal Data Protection Law of Indonesia

The House of Representatives of the Republic of Indonesia finally ratified the Personal Data Protection Bill (PDP Bill) into law (PDP Law) on 20 September 2022 in accordance with the regulation in Indonesia, with updates and additional clauses that are more comprehensive in accommodating personal data protection. Indonesia now joins other jurisdictions in Southeast Asia that have dedicated personal data protection laws, including Singapore and Thailand. However, the PDP Law not gone into effect yet and is not binding, as it still needs to be ratified by the President of the Republic of Indonesia within 30 days of enactment by the House of Representatives.

The PDP Law will increase the government's role and authority in enforcing and regulating the compliance and obligations of all parties who process personal data, both public and private. The government reminds all personal data controllers, both public and private, to improve their security systems, firewalls and encryption, to comply with responsibilities and maintain the personal data they manage, both general and specific, for absolute compliance with personal data protection.

Why is this Regulation Required?
Protection of personal being ratified in accordance with the law in Indonesia is necessary to have a legal basis to maintain state sovereignty, state security, and protection of personal data belonging to Indonesian citizens/foreigners residing in Indonesia, the government/public sector, and the private sector. Specific to the business sector, the presence of the PDP Law can increase consumer confidence, improve the management of corporate data security systems and encourage the growth of innovation in company management. The PDP Law has the potential to trigger an innovation race between companies to demonstrate the ability to manage data security.

The Role of the Data Protection Officer (DPO) in the Case of Data Breach
The PDP Law officially incorporates the DPO into law, apart from being a party that helps fulfill the implementation of the PDP Law, DPO also acts as a party providing advice and information to comply with the rules in the PDP Law, especially in the case of a data breach. In the event of a data breach, the duties of a DPO are to:

  • Provide notification in writing no later than 3x24 hours to the subject of personal and institutional data;
  • Prepare and deliver on efforts to handle and recover data breach cases;
  • Evaluate and improve the company's data security strategy.

Besides that, the primary role of the DPO is to build a data security system, maintain confidentiality, protect and ensure the security of personal data, conduct surveillance, keep personal data from being accessed illegally, make recordings, and ensure accuracy, completeness and consistency of personal data.

If you, a prospective client, wants to retain a law firm filled with data protection experts, Schinder Law Firm is one of many corporate law firms in Indonesia that have handled a lot of data protection matters, with many experienced and professional civil lawyers and dispute lawyers in its arsenal, making it one of the top consulting firms in Indonesia. Feel free to contact us at info@schinderlawfirm.com for further consultation.

Author: Budi Satya Makmur

Let Us Be Your Guide.
Our thorough understanding of local culture
ensures that your business will be in compliance
with all laws and regulations and receive
a warm welcome in the community.

Dear valued Visitor,

Data is a valuable currency in this new world. In the midst of digital transformation, the Indonesian government has taken the final decision to pass the Pelindungan Data Pribadi (PDP) Bill by September 2022. The PDP Law applies to all businesses established in Indonesia and puts the consumer in control. The task of complying with this regulation falls upon businesses.

The PDP Law affects a variety of business operations, including how your sales team prospect and how marketing initiatives are managed. Businesses have had to reassess their business procedures, applications, and forms. Additionally, all businesses that work with personal data should designate a Data Protection Officer (DPO) or data controller to oversee PDP compliance.

In line with this spirit, it gives us great pleasure to announce and share with all our esteemed clients and business associates that Schinder Law Firm is prepared to assist your company to understand the impacts of the Personal Data Protection Law (PDPL) and take the required measures to comply with the law. Our Privacy, Data Protection, and Cybersecurity practice group is a pioneer in providing data privacy law services in Indonesia. Personal data protection services include but are not limited to:

  • Assessing the existing systems, processes, and controls, etc.
  • Providing provide gap assessment on the existing systems, processes, and controls, etc.
  • Developing and ensuring contracts and agreements comply with the PDP Law
  • Developing policies, best practices, and procedures
  • Advising on the security of personal data and managing data breaches
  • Acting as the Data Protection Officer (DPO) and advising upon the appointment, role, and responsibilities of a data protection officer
  • Advising on cross-border transfers of personal data
  • Carrying out data protection impact assessments and data protection audits
  • Recommending other necessary corrective actions in order to comply with the PDP Law
  • Training on the PDP Law tailored to clients’ businesses

We look forward to many more opportunities in the year ahead with your continued support and trust. For consultation, please send us a WhatsApp or Email.

Warmest regards,
Naz Schinder
Managing Partner

Keep Up with the New Law in Indonesia: Personal Data Protection

  • Assessing the existing systems, processes and controls, etc.
  • Providing provide gap assessment on the existing systems, processes and controls, etc.
  • Developing and ensuring contracts and agreements comply with the PDPL.
  • Developing policies, best practices and procedures.
  • Advising on security of personal data and managing data breaches.
  • Acting as the Data Protection Officer (DPO) and advising upon the appointment, role and responsibilities of a data protection officer.
  • Advising on cross-border transfers of personal data.
  • Carrying out data protection impact assessments and data protection audits.
  • Recommending other necessary corrective actions in order to comply with the PDPL.
  • Training on the PDPL tailored to clients’ businesses.
Privacy, Data Protection and Cyber Security
We help our clients to understand the impact of the Personal Data Protection Law (PDPL) on their companies and take the required measures to comply with the law.