English | 中文 | 下载审德中文简介 

Sep

15

The Urgency of Personal Data Protection

The suspected data leaks from Social Health Insurance Administration Body (BPJS) and the Indonesia Health Alert Card (eHAC) demonstrates the urgent need to provide increased protection for citizens’ personal data. But, in reality, the discussion of the Bill on Personal Data Protection has reached a dead end. The reason is that parliament and the government both hold different opinions about the concept of an institution that will protect people’s personal data. The government wants this institution to be under the Ministry of Communication and Information as the executive power branch. Meanwhile, parliament wants the institution to be independent and report directly to the President.

There are many important factors for the ratification of this Personal Data Protection Bill, including:
First, the large number of citizens who, as legal subjects, will be protected. At least as many as 270.20 million Indonesians are data subjects or data owners who must be protected. Second, the extent and scope of the controller or processor of personal data includes public bodies, non-public institutions or corporations/the private sector, as well as individuals, starting from Indonesian and foreign entities with various interests or needs for the use of personal data. Third, the high level of variation in the standard of personal data protection arrangements in each sector. Various sectors currently manage personal data independently, thus requiring standardization, harmonization and synchronization, including regulatory vacuums. Fourth, the lack of public awareness about the importance of protecting their personal data and that of others. Fifth, asymmetric access between individuals such as data owners and controllers or processors, which are generally corporations, agencies and organizations. Based on these considerations, the proposal is to regulate with an institutional authority of Personal Data Protection that is independent and proactive (active system) with collaborative, regulatory and supervisory functions, enforcement of corrective actions and separate funding support.

Apart from the independence of authority, Personal Data Protection institutions must be proactive through regulation, supervision, cooperation and public awareness functions. Through the choice of an active system in the implementation of supervision/inspection, the institution is expected to act without having to wait for public disputes, reports or complaints.

Independent institutions must be designed collaboratively to work by operating, strengthening and utilizing other existing institutional ecosystems to strengthen guarantees for personal data protection. For example, certification and accreditation bodies, prosecutors, police and others.

In addition, the institutions will carry out regulatory and supervisory functions. Regulatory functions include setting implementation standards as a reference for controllers/processors and harmonizing Personal Data Protection arrangements that are currently still sectoral, including issuing various guidelines or other criteria as needed. The supervisory function includes supervision aimed at strengthening the system and early detection or prevention of potential violations.

Because of the urgency of personal data protection in Indonesia, Schinder Law Firm established a specific working group for data protection that can assist clients in consulting, guiding and drafting a code of conduct related to data protection, including client assistance in the event of a dispute/report. Should you wish to carry out these legal services, please drop us an email at info@schinderlawfirm.com.

Let Us Be Your Guide.
Our thorough understanding of local culture
ensures that your business will be in compliance
with all laws and regulations and receive
a warm welcome in the community.

Dear valued Visitor,

Data is a valuable currency in this new world. In the midst of digital transformation, the Indonesian government has taken the final decision to pass the Pelindungan Data Pribadi (PDP) Bill by September 2022. The PDP Law applies to all businesses established in Indonesia and puts the consumer in control. The task of complying with this regulation falls upon businesses.

The PDP Law affects a variety of business operations, including how your sales team prospect and how marketing initiatives are managed. Businesses have had to reassess their business procedures, applications, and forms. Additionally, all businesses that work with personal data should designate a Data Protection Officer (DPO) or data controller to oversee PDP compliance.

In line with this spirit, it gives us great pleasure to announce and share with all our esteemed clients and business associates that Schinder Law Firm is prepared to assist your company to understand the impacts of the Personal Data Protection Law (PDPL) and take the required measures to comply with the law. Our Privacy, Data Protection, and Cybersecurity practice group is a pioneer in providing data privacy law services in Indonesia. Personal data protection services include but are not limited to:

  • Assessing the existing systems, processes, and controls, etc.
  • Providing provide gap assessment on the existing systems, processes, and controls, etc.
  • Developing and ensuring contracts and agreements comply with the PDP Law
  • Developing policies, best practices, and procedures
  • Advising on the security of personal data and managing data breaches
  • Acting as the Data Protection Officer (DPO) and advising upon the appointment, role, and responsibilities of a data protection officer
  • Advising on cross-border transfers of personal data
  • Carrying out data protection impact assessments and data protection audits
  • Recommending other necessary corrective actions in order to comply with the PDP Law
  • Training on the PDP Law tailored to clients’ businesses

We look forward to many more opportunities in the year ahead with your continued support and trust. For consultation, please send us a WhatsApp or Email.

Warmest regards,
Naz Schinder
Managing Partner

Keep Up with the New Law in Indonesia: Personal Data Protection

  • Assessing the existing systems, processes and controls, etc.
  • Providing provide gap assessment on the existing systems, processes and controls, etc.
  • Developing and ensuring contracts and agreements comply with the PDPL.
  • Developing policies, best practices and procedures.
  • Advising on security of personal data and managing data breaches.
  • Acting as the Data Protection Officer (DPO) and advising upon the appointment, role and responsibilities of a data protection officer.
  • Advising on cross-border transfers of personal data.
  • Carrying out data protection impact assessments and data protection audits.
  • Recommending other necessary corrective actions in order to comply with the PDPL.
  • Training on the PDPL tailored to clients’ businesses.
Privacy, Data Protection and Cyber Security
We help our clients to understand the impact of the Personal Data Protection Law (PDPL) on their companies and take the required measures to comply with the law.