Thales banner

Personal Data Protection (PDP) Law of Indonesia

Thales helps organizations to achieve compliance with key provisions of Personal Data Protection Law requirements.

Personal Data Protection (PDP) Law of Indonesia

Test

The Personal Data Protection (PDP) Bill was passed and become law on October 17, 2022 in Indonesia. PDP Law is the first comprehensive law in Indonesia to govern personal data protection in both electronic and non-electronic systems. It signifies the development of policies on personal data protection and confidentiality and strengthens the protection of the right to privacy.

Thales can help your organizations to comply with the key provisions of Personal Data Protection Law requirements.

  • Regulation
  • Compliance

Regulation Overview

Indonesia Personal Data Protection (PDP) Law has 76 articles across 16 chapters, these articles and chapters extensively cover data ownership rights, and prohibitions on data use, along with the collection, storage, processing, and transfer of personal data of Indonesian users. It also introduces new concepts, including the requirement for both prior and post notifications to the regulator on cross-border personal data transfers. The new law goes further by introducing criminal sanctions for personal data breaches.

Some of the key provisions of the PDP Law require an organization to take note and comply.

  1. Scope of the PDP Law
  2. Defining Personal Data and Personal Data types
  3. Identify key roles - Personal Data Controller and Personal Data Processor
  4. Rights and Obligations of Data Subjects, Controllers and Processors
  5. The Basis for Personal Data Processing
  6. Data Protection Impact Assessment
  7. Appointment of Data Protection Officer
  8. Creation of a PDP Institution
  9. Cross-Border Transfer of Personal Data/ Onshore and Offshore Personal Data Transfers
  10. Notification Requirements
  11. Criminal and Administrative Sanctions
  12. Transition Period

Thales can help organizations to achieve compliance with Personal Data Protection Law requirements with a Data-centric Security approach and Strong Authentication and Access Management.

Data-Centric Security Approach
The CipherTrust Data Security Platform is an integrated suite of data-centric security products and solutions that unify data discovery, protection, and control in one platform.

  • Discover: An organization must be able to discover data wherever it resides and classify it. This data can be in many forms: files, databases, and big data, and it can rest across storage on premises, in clouds, and across back-ups. Data security and compliance starts with finding exposed sensitive data before hackers and auditors. The CipherTrust Data Security Platform enables organizations to get complete visibility into sensitive data on-premises and in the cloud with efficient data discovery, classification, and risk analysis.
  • Protect: Once an organization knows where its sensitive data is, protective measures such as encryption or tokenization can be applied. For encryption and tokenization to successfully secure sensitive data, the cryptographic keys themselves must be secured, managed and controlled by the organization. The CipherTrust Data Security Platform provides comprehensive data security capabilities, including file-level encryption with access controlsapplication-layer encryptiondatabase encryptionstatic data maskingvaultless tokenization with policy-based dynamic data masking, and vaulted tokenization to support a wide range of data protection use cases. The organization needs to monitor access to sensitive data to identify ongoing, cyber-attacks or other cyber threats. CipherTrust Security Intelligence logs and reports streamline compliance reporting and speed threat detection using leading Security Information and Event Management (SIEM) systems.
  • Control: The organization needs to control access to its data and centralize key management. Every data security regulation and mandate requires organizations to be able to monitor, detect, control, and report on authorized and unauthorized access to data and encryption keys. The CipherTrust Data Security Platform delivers robust enterprise key management across multiple cloud service providers (CSP) and hybrid cloud environments to centrally manage encryption keys and configure security policies so organizations can control and protect sensitive data in the cloud, on-premise and across hybrid environments.

Strong access management and authentication
Thales Access Management and Authentication solutions provide both the security mechanisms and reporting capabilities organizations need to comply with data security regulations. Our solutions protect sensitive data by enforcing the appropriate access controls when users log into applications that store sensitive data. By supporting a broad range of authentication methods and policy driven role-based access, our solutions help enterprises mitigate the risk of data breach due to compromised or stolen credentials or through insider credential abuse. Support for smart single sign on and step-up authentication allows organizations to optimize convenience for end users, ensuring they only need to authenticate when needed. Extensive reporting allows businesses to produce a detailed audit trail of all access and authentication events, ensuring they can prove compliance with a broad range of regulations.

Recommended Resources

Addressing Requirements of Personal Data Protection (PDP) Law of Indonesia – eBook

Addressing Requirements of Personal Data Protection (PDP) Law of Indonesia – eBook

Indonesia passed its first Personal Data Protection (PDP) Law in 2022. The PDP Law is an effort to enhance the existing regulatory framework on personal data protection, it signifies the development of policies on personal data protection and confidentiality and strengthens...

Data Security Compliance and Regulations - eBook

Data Security Compliance and Regulations - eBook

This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.

機密データ保護に必用とされる 組織の重要な柱とは - White Paper

機密データ保護に必用とされる 組織の重要な柱とは - White Paper

従来、組織のITセキュリティは主に境界防御に焦点を置き、壁 を築くことで外部からの脅威がネットワークに侵入するのを防 いでいました。これは依然として重要ではあるものの、十分では ありません。サイバー犯罪者は境界防御を頻繁に突破しており、 データはこうした防御の外側のクラウドなどに存在することが 多いため、組織は場所を問わずにデータを保護するデータ中心 のセキュリティ戦略を適用する必要があります。今日のデータ急 増や、世界と地域のプライバシー規制の進化、クラウド導入の拡 大、APT(持続的標的型攻撃)などに対応するため、データ中心...