The Personal Data Protection Bill (PDP) has been jointly approved by the DPR and the President. With the ratification of the PDP Bill, the government in this case the Ministry of Communication and Informatics will carry out supervision over the management of personal data by Electronic System Operators (PSE)."Regulate the rights of the owner of personal data and regulate sanctions for electronic system operators for the management of personal data processed in their respective systems," explained the Minister of Communication and Information, Johnny G. Plate when giving an explanation to the press after the DPR RI Plenary Meeting. at the Nusantara II Building DPR, Senayan, Central Jakarta, Wednesday (20/09/2022).
Johnny said that one of the obligations of PSE in the government (public) and private (private) scope is to ensure that personal data is protected in its system. "This is a personal data obligation. What do you see there? If there is a personal data incident or personal data leak (breach), then what will be done is an examination of the personal data provider, whether they have carried out compliance according to the PDP Law," he said. If not, then they (PSE) are given various types of sanctions as stipulated in the PDP Law in the form of administrative sanctions as well as criminal sanctions, imprisonment, and fines. "For the amount of the sanction varies from the level of error. Starting from a corporal sentence of 4 years to 6 years of criminality, as well as a fine of Rp. 4 billion to Rp. 6 billion for each incident. If an error occurs, a penalty of 2% of the total annual income will be imposed," explained the Minister of Communication and Informatics.
However, if there are people and corporations who use personal data illegally, the sanctions are much more severe in the form of deprivation of all activities related to the economic benefits of the personal data. "That's why we strongly encourage that let's use all public trust in the business space in the digital field, especially in the data field legally. Let's read the law together, at the same time of course we do literacy so that people know their rights and that of corporations, and individuals know their obligations," said the Minister of Communication and Information.
On behalf of the President of the Republic of Indonesia Joko Widodo, the Minister of Communication and Informatics reminded every PSE, controller and processor of personal data to carry out their obligations properly. Meanwhile, for information system security tasks, according to Presidential Regulation 53 of 2017, it has been transferred to the National Cyber and Crypto Agency (BSSN). With the Presidential Decree, Johnny explained, the Directorate of Information Security, which was previously in the organizational structure of the Directorate General of Information and Communications Applications, has now moved to BSSN since 2018. “What was moved? The first is the submission of ID-SIRTII, namely information system security. The second is a piece of equipment known as thread intelligence. The equipment for the network and information system was handed over to BSSN, so that at Kominfo, the Directorate of Information Security has been liquidated. Except, information system security is for the purposes of the Ministry of Communication and Informatics only," he explained.
Meanwhile, the other role of the Ministry of Communication and Informatics is to carry out compliance tests, conformity between statutory rules and obligations that must be carried out by the Electronic System. "If there is no compliance and there is a data breach or leakage of personal data, then that is where the sanctions are as regulated and currently under the PDP Law the sanctions are quite heavy," said the Minister of Communications and Informatics. Johnny stated that the PDP Law also regulates the equality of primary legislation in various countries. This is because data moves extraterritorially and extra-judicially, across national borders. The legal umbrella must have conformity both multilaterally (various countries) and bilaterally (between countries). "We hope that with the passing of the PDP Law, all PSEs must have firewalls and encryption technology that can be continuously improved, in order to be able to withstand ongoing cyber attacks. Also fast in handling and preventing cyber attacks by their respective systems," he hoped.
The Minister of Communication and Information said that the PDP Law also regulates individual, private and corporate institutions in the country and globally. "Regarding state institutions that regulate personal data management, they are under the President, responsible to the President, and will be further regulated through a Presidential Decree (Keppres)," he said.
