JAKARTA, KOMPAS.com – The House of Representatives (DPR) of the Republic of Indonesia is still discussing the Draft Law (RUU) Personal Data Protection (PDP) considering the urgency of the many cases of data leakage.
In the bill, leakage or misuse of personal data by organizers, such as fintech nor platform online shopping (e-commerce) will be penalized.
Director of Informatics Application Management at the Ministry of Communication and Informatics, Mariam F. Barata said the sanctions would be in the form of administrative sanctions and criminal sanctions.
Also read: In the draft law, Fintech is obliged to notify customers to the minister if a data leak occurs
Administrative sanctions are imposed if there is a breach of obligations. The sanctions imposed will be in the form of written warnings, temporary suspension of processing activities, to compensation and administrative fines.
“But if he does prohibited acts such as processing (personal data) outside of the first agreement, he will be subject to criminal sanctions,” Mariam said in a virtual Fintech Talk event for the 2020 National Fintech Week, Monday (16/11/2020).
The criminal sanctions will be in the form of imprisonment, fines and additional penalties for corporations.
While referring to article 42 RUU PDP, perpetrators who steal or falsify personal data with the aim of crime, will be sentenced to a maximum of 1 year and a maximum of Rp. 300 million.
In the next article, the fine can be increased to a maximum of Rp. 1 billion. This basic punishment is increased if the violation is committed by a business entity.
“Owners of personal data will also have the right to sue and receive compensation for violations,” said Mariam.
Also read: Government Adds PMN Rp. 8.57 Trillion
Furthermore, Maryam revealed that there are 3 important pillars in protection of personal data, that is policy (Policy), processing (data processing by the organizer), and people (human).
Policies will concern regulations, accepting data legally (with the consent of the owner of personal data), and requesting data must be as needed, aka no more than what is needed.
In the second pillar, the company must not provide personal data to third parties who are not appropriate in the initial processing, processing of personal data must be in accordance with the principles, and apply management.
“Then in the third pillar there are People (humans). Namely personal data controllers (organizers) must educate employees who collect data. Likewise to the owner of the personal data he collects,” Mariam concluded.
Also read: Ridwan Kamil: I am surprised that the investment entering West Java has increased 6 times …
– .