Securiti launches Gencore AI, a holistic solution to build Safe Enterprise AI with proprietary data - easily

View

Indonesia’s Personal Data Protection Regime

Operationalize PDPL Compliance with the most comprehensive PrivacyOps platform.

Last Updated on July 15, 2024

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

The principal law governing personal data protection in Indonesia is Law No. 27 of 2022, commonly referred to as the Personal Data Protection Law (PDPL). Before the PDPL was enacted, Indonesia had a piecemeal framework for data protection and privacy. There are several regulations that continue to regulate the personal data processed in the electronic systems by the Electronic Service Operators (ESOs). These are:

  • Regulation No. 20 of 2016 concerning Protection of Personal Data in Electronic Systems (MoCI Reg); 
  • Amended Law No. 11 of 2008 on Electronic Information and Transaction (EIT Law);
  • Government Regulation No. 71 of 2019 on the Implementation of the Electronic System and Transaction (GR 71).

The MoCI Reg, EIT Law, and GR 71 primarily focus on electronic information where its provisions apply to local electronic service operators that deal with Indonesian citizens. These also apply extraterritorially in certain circumstances. 

The solution

Securiti empowers organizations across the globe to ensure smooth compliance with the MoCI Reg, EIT Law, and GR 71. This is achieved by Securiti’s AI-driven data discovery, DSR automation, universal consent management, autonomous documented accountability, data breach management, and vendor risk assessment functionality.

Indonesia PDP Compliance Solution

Securiti enables enterprises and supports them in their journey towards compliance with Indonesia’s Personal Data Protection Regulations through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various sections of the MoCI Reg, EIT Law, and GR 71.


 

Indonesia PDP data rectify request

Automate data subject request handling

MoCI Reg Articles: 26

Data subjects have several rights instituted under the PDP Regulations. Data subjects have the right to be informed of the use of their personal data and the ability to access their data held by an organization. To comply with the PDP Regulations, organizations must have a well-organized and modern platform to cater to verified DSR requests.

Secure fulfillment of data access requests

MoCI Reg Articles: 26(c)(d)

Conveniently disclose the required information to the data subjects free of charge via the secure, centralized portal. Automating the delivery and generation of secure data access reports minimizes the risk of any compliance violations.

Indonesia PDP data access request
Indonesia PDP data rectify request

Automate the processing of rectification requests

MoCI Reg Articles: 20, 26(e); GR 71 Articles: 15, 18

Seamlessly fulfill all data rectification requests with automated data subject verification and rectification workflows across all appearances of a subject’s personal data.

Monitor and track consent

MoCI Reg Articles: 2(2)(b)(c), 2(4), 6, 12(2), 24(1), 37(1); GR 71 Articles: 14(3) and 4; EIT Law Article: 26(1)

Routinely monitor and track consent of data subjects to prevent any illegal transfer or processing of data without the user’s consent. Continuously validate consent compliance to regulators and data subjects for swift action.

Indonesia PDP dsr workbench
Indonesia PDP PDP Readiness Assessment

Continuous monitoring and tracking

MoCI Reg Articles: 24, 25 ; GR 71 Articles: 13,14(1)(2), 20(1); EIT Law Article: 3

Keep a birds-eye view of potential risks against non-compliance to data subjects’ rights by routinely monitoring and scanning personal consumer data.

Assess PDP Regulations readiness

MoCI Reg Articles: 4,6, 7,8, 9, 10, 28; GR 71 Articles: 2(2), 3,4,5,6, 14(1)(2), 19, 34; EIT Law Article: 2, 10, 16

With the help of our multi-regulation, collaborative, readiness, and data protection impact assessment system, you can gauge your organization's posture against PDP Regulations requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against PDP Regulations.

Indonesia PDP Data Flow Mapping
Indonesia PDP PDP Readiness Assessment

Map data flows and generate reports

MoCI Reg Articles: 21, 22(1), 28(e); GR 71 Article: 26(2), 22; EIT Law Article: 10, 27(1)

Instantly trace, manage, and monitor data flows on a single interface. Get comprehensive visibility by generating reports of all data points, any cross-border data transfers, vendor contracts, and compliance records.

Automate data breach response notifications

MoCI Reg Article: 28(c); GR 71 Articles: 14(5), 24(3); EIT Law Article: 12

Automate compliance actions and breach notifications to concerned stakeholders regarding any security incidents by leveraging a knowledge database on security incident diagnosis and response.

Indonesia PDP Data Flow Mapping
Indonesia PDP breach response notification

Meet cookie compliance

MoCI Reg Articles: 2(2)(b)(c), 2(4), 6, 12(2), 24(1), 37(1); GR 71 Articles: 14(3) and 4; EIT Law Articles: 26(1)

Automatically scan the web properties within your organization, categorizing tags and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.

Data Subject Rights Under Indonesia’s Personal Data Protection Regulations

Right to be informed: Organizations must inform data subjects of the purpose of the collection of personal data and any future possible use of a user’s personal data.

 

Right to access: Data subjects have the right to access their data and obtain access or the opportunity to receive the history of their personal data.

Right to rectification: A data subject is entitled to gain access to alter or renew their personal data without the interference of a personal data management system.

Right to erasure: A data subject can request the deletion of their personal data or have it erased after the storage time limit has been reached.

Right to opt-out: A data subject can withdraw consent for the processing of his/her personal data with which they don’t agree.

Quick Facts about the EIT Law, GR 71 and MoCI Reg

1

The EIT Law, GR 71 and MoCI Reg primarily focus on electronic information and apply to individuals, legal entities, business entities, government institutions, public entities, and civic society organizations.

2

The three laws empower the Indonesian government with the duty of supervision, advocacy, evaluation, enforcement, and other conducts necessary to ensure personal data protection.

3

The transfer of personal data is prohibited without the consent of the data subject, as stipulated under Article 27(1) of the EIT Law.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New