Securiti Named a 2022 Cool Vendor in Data Security by GartnerDownload Now
Indonesia’s draft Personal Data Protection Bill (PDPB) was signed on January 24, 2020. The regulations related to personal data protection existed in different Indonesian laws, but for improved effectiveness of Indonesian citizens’ personal data protection, a separate law dedicated to data protection was required, and hence, a draft bill was signed. The draft PDPB would apply to any person, entity, organization, and legal entity that operate within or outside Indonesia and have legal consequences to the personal data owner (data subject) within or outside the legal territory of the Republic of Indonesia.
Securiti enables organizations to ensure seamless compliance with Indonesia’s draft Personal Data Protection Bill (Draft PDPB) with its AI-driven data discovery, DSR automation, universal consent management, autonomous documented accountability, data breach management, and vendor risk assessment.
Securiti supports enterprises in their journey towards compliance with Indonesia’s Draft PDPB through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various sections of Indonesia’s draft PDPB.
Create personalized web forms according to your brand style guide with the DSR request format and accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.
Articles 2, 17, 21, 24, 27, 28, 29, 35, 36, 41, 45, 55
With the help of our multi-regulation, collaborative, readiness, and personal information impact assessment system, you can gauge your organization's posture against Indonesia’s draft PDPB requirements, identify the gaps, and address the risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance.
Data subjects have the right to be informed of the use of their personal data and access their data held by an organization. For this purpose, organizations must simplify the initiation of verified DSR requests. Automating the delivery and generation of secure data access reports will significantly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.
Articles 4, 6, 14, 15, 32
Disclosure of information to the data subjects within a limited time frame of receiving a verifiable data request is a must for any organization looking to comply. This will be free of charge and delivered through a secure, centralized portal.
Articles: 5, 7, 33, 34
With the help of automated data subject verification workflows across all appearances of a subject’s personal data, you can seamlessly fulfill all data rectification requests.
Articles: 8, 38(1)(c), 39(1)(c)
Fulfill data subject’s erasure/destroy/anonymize requests swiftly through automated and flexible workflows.
Articles: 8, 10, 11, 12, 26
Build a framework for objection and restriction of processing handling based on business requirements, with the help of collaborative workflows.
Articles: 9, 18, 19, 20, 25(1)
Automatically scan the web properties within your organization, categorizing tags, and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.
Articles: 9, 18, 19, 20, 25(1)
Track consent revocation of data subjects to prevent the transfer or processing of data without their consent. Seamlessly demonstrate consent compliance to regulators and data subjects.
Automates compliance actions and breach notifications to concerned stakeholders about security incidents by leveraging a knowledge database on security incident diagnosis and response.
Articles: 43, 44, 45
Keep track of privacy and security readiness for all your service providers and processors from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.
Articles 47, 48, 49, 31
Instantly trace, manage, and monitor data flows on a single interface. Get comprehensive visibility by generating reports of all data points, any cross-border data transfers, vendor contracts, and compliance records.
Automate the data protection impact assessment process by identifying the risks early on and mitigating them to ensure data security and compliance with the draft PDPB.
Dynamically update privacy policies and notices to comply with Indonesia’s draft PDPB. Automate how you publish your privacy notices with the help of pre-built templates to make the process faster. Also, enable centralized management by tracking and monitoring privacy notices in order to maintain compliance.
Articles 17, 28, 29, 30, 46(1)(b)
Keep a birds-eye view of potential risks against non-compliance to data subjects’ rights by routinely monitoring and scanning personal consumer data.
Right to Request/Access Information: The personal data owner has the right to access their personal data held by the personal data controller in accordance with the provisions set under the bill. Additionally, they can request information regarding the use and purpose of their personal data and the accountable party requesting it.
Right to Renew/Correct/ Complete Information: The personal data owner has the right to request the completion, renewal, or correction of any mistake or inaccuracy in their personal data according to the set provisions.
Right to Terminate/Erasure : The personal data owner has the right to request the termination, erasure, or destruction of their personal data.
Right to Revoke Consent: The personal data owner has the right to revoke their consent at any period in time the processing of their personal data that has been permitted to the personal data controller.
Right to Object Automated Decision Making: The personal data owner has the right to object to the decision making which is based on automatic processing in accordance with personal profiling.
Right to Postpone/Limit: The personal data owner has the right to postpone or limit the processing of their personal data in accordance with the purpose of processing.
Right to File Lawsuit: The personal data owner has the right to file a lawsuit and receive compensation against the violation of their personal data as defined in the provisions under the bill.
Right to Pseudonymization: The personal data owner has the right to choose or not to choose the pseudonymization of their personal data for any purpose.
The draft PDPB requires the personal data controller to comply with the eight principles for personal data processing, including but not limited to a specific basis for processing, the purpose of processing, and guarantee of the rights of the personal data owner, to name a few.
The draft PDPB defines separate cross-border transfer regulations for data transfer within and outside the legal territory of the Republic of Indonesia, such as in case of outside Indonesia data transfer, the recipient international organization must have equivalent or higher data protection measures, there’s an international treaty, and the personal data controller has the consent of the personal data owner.
In the event of personal data protection failure, the personal data controller shall notify about the failure of the personal data owner and the Minister in writing within 72 hours.
Imprisonment penalties and fines range from 1 year to up to 6 six years, and from Rp 20,000,000,000.00 (twenty billion rupiahs) to up to Rp 10,000,000,000.00 (ten billion rupiahs) depending on the severity of the violation of the draft PDPB.
PO Box 13039,
Coyote CA 95013