JakartaPost-Sept 12, 2022
Planned regulations aimed at strengthening data protection in Indonesia pose a significant threat to companies found to be noncompliant. The private data protection (PDP) bill, which is currently awaiting its final approval at the House of Representatives, stipulates fines of up to 2 percent of annual revenue for organizations guilty of exposing private information. “I need to remind data controllers and processors to enforce proper encrypted security that can withstand cyberattacks, remembering that, if any violation happens, the fines will be quite high for corporations. They are exorbitant,” Communications and Information Minister Johnny G. Plate said on Wednesday. Administrative sanctions and criminal punishment will compel data controllers and processors to establish whole new data management systems to protect users’ private details, a policy deemed novel in a country that has seen several major data breaches over the past few years. The ministry maintains that the fine of up to 2 percent of revenue is relatively forgiving, given that the European Union’s General Data Protection Regulation (EU GDPR) can entail fines of as much as 4 percent of a company’s global annual revenue. “In the past, data breaches just slipped through the cracks. Once this law is passed, that won’t happen [any more], because it will be clear who is to be held accountable, up until what point and whether there will be criminal [proceedings] or administrative sanctions,” said Abdul Kharis Alamsyhari, deputy chairman of House Commission I, which oversees intelligence and information. Read more at: