On Tuesday, December 12, 2023, EKONID successfully hosted its Online Roundtable Event “Indonesian Personal Data Protection Law: Framework and Implementation For Business” via Microsoft Teams.
The event was aimed at helping EKONID members in gaining a firmer understanding of the Personal Data Protection Law (“PDP Law”), as well as in planning their personal data protection program within the scope of their organization.
EKONID Presented two special speakers for the event: Mr. Arif Wahyudi, Partnership Analyst of the PDP Governance Team from the Indonesian Ministry of Communication and Informatics, and Mrs. Helena Sitorus, S.H. LL. M from MHMS Advocates. Mrs. Nurul Khasbullah, Executive of Legal and Investment Consultation Services at EKONID, hosted and moderated the event.
During his 30-minute presentation, Mr. Wahyudi stated that all parties, including companies, would have a 2-year transitional period to adjust to the PDP Law as of the time of the law’s issuance, during which they should reassess their company policies to comply with the PDP Law.
During this transition period, the Ministry of Communication and Informatics, especially the PDP team, would actively conduct activities such as socialization, monitoring, and assessment regarding what different stakeholders need to do, as well as identify gaps and other preparations.
Furthermore, different basic principles of the PDP Law were also introduced. In general, the PDP Law is similar to the General Data Protection Regulation (GDPR) issued by the European Union in 2016.
“The government has adapted the basic principle of personal data protection to the needs and circumstances in Indonesia. Moreover, the core focus of the PDP Law is not to apply the sanctions, but to encourage all parties to comply with it,” explained Mr. Wahyudi.
In her presentation, Mrs. Helena Sitorus explained the strategy of implementing the PDP Law by differentiating between Controllers and Processor of Personal Data. Mrs. Sitorus said companies should determine carefully whether they want to be the Personal Data Controller or Processor because the controller and processor have different obligations and responsibilities. It was also suggested that companies have a data agreement to specify the data processing activities that fall outside the scope of the data controller's instructions.
Other topics discussed at the roundtable include how to transfer cross-border data, the types of sanctions that may be incurred by companies who fail to comply with the PDP Law, as well as the various strategies companies could employ in designing a Personal Data Protection Program.
We hope that, through this online roundtable, EKONID has helped industry players in complying with the Indonesian Personal Data Protection Law in the scope of their organization and business. We extend our gratitude to Mr. Arif Wahyudi, Mrs. Helena Sitorus, S.H., LL.M and all the participants who helped make the event a success.