The Importance of Personal Data Protection Policy in Indonesia



The increasing number and scope of interactions between people within the digital world has led to the need for a conducive and safe digital ecosystem, especially when it comes to data privacy. It is hoped that the Personal Data Protection Bill (RUU PDP), which has passed public scrutiny, will lead to improved levels of data personal data protection.

According to a 2021 survey conducted by the Ministry of Communication and Informatics and the Katadata Insight Center, more than 60% of the public are still unaware of the existence of the PDP Bill, with only 31.8% of companies professing knowledge of it. In response to these findings, Kominfo, VIDA, and ICSF invited the public and digital industry players to an education session to increase awareness of the existence of the PDP bill as part of the commemoration of International Data Privacy Day, which falls every January 28.

Sati Rasuanto, Co-Founder and CEO of VIDA, explained “As electronic certificate providers (PSrE), it is our role and responsibility to support the government's mission to create a secure digital ecosystem in Indonesia. VIDA guarantees the security of consumer personal data in its online identity-verification processes such as onboarding process to digital platforms and digital signatures. This mission requires support from all parties to protect people's digital identities and reduce the risk of their misuse."

Government Regulation no. 71 of 2019 concerning the Implementation of Electronic Systems and Transactions (PP 71/2019) obliges electronic system operators (PSE) to notify the owner of personal data in the event of a failure in the protection of the personal data they manage (data breach). The PDP bill, which is currently being discussed in the House of Representatives (DPR), will outline more detailed policies in addition to defining the rights of the owner of personal data and affirming the obligations and responsibilities of data controllers and data processors, forming of data protection officer (DPO) officials, administrative sanctions and criminal sanctions.


Teguh Arifiadi, Acting Director of Informatics Application Governance at the Directorate General of Informatics Applications in the Ministry of Communication and Information Technology, explained “The PDP Bill which is currently in the finalization stage between the Government and the DPR is expected to improve electronic system governance in Indonesia. Simultaneously, various policy instruments in the PDP Bill are being formulated to reduce cybersecurity incidents and personal data leaks. Kominfo is committed to implementing transparency in administrative sanctions in the form of fines due to data breaches. The fines for violating the PDP principles that we are currently drafting are expected to be an ideal policy instrument for controlling digital identity in Indonesia.”


Based on PP 71/2019, there are several principles regarding the collection and processing of personal data:

  • It should be collected in a limited and specific way, be legally valid and fair, and with the knowledge and consent of the owner of the Personal Data;

  • It should be done according to the purpose for which it is being collected;

  • It should be done in a way that guarantees the rights of the owner of Personal Data;

  • It should be accurate, complete, up to date, and accountable, and take into account the purpose for which it is being processed;

  • It should be done in a way that protects the security of Personal Data from loss, misuse, access, and alteration or destruction of Personal Data;

  • The owner of the Personal Data should be informed about the purpose of collection, processing activities, and any failure to protect Personal Data;

  • It should be destroyed and/or deleted unless it is still in the retention period in accordance with the needs based on the provisions of the legislation.


Sati explained that as an Electronic Certificate Operator (PSrE), VIDA adheres to several principles in ensuring that digital identities are in line with the PDP Bill. "With the principles of digital identity brought by VIDA covering security, consent and transparency, users of VIDA's identity verification and digital-signature services can more easily control the crucial information they have. Armed with a VIDA electronic certificate, the decision to authenticate digital services or process digital signatures rests with the user entirely. VIDA safeguards the user's personal data and uses it only for the user's purposes, implementing end-to-end encryption for all data transmissions."


Sati also explained, “Although compliance with best practices relating to both domestic regulations and global personal data protection can reduce the risk of identity abuse, we at VIDA will go the extra mile. One way we are doing this is through comprehensive public education to promote understanding and protection of personal data and the right to privacy in this digital era. We hope that increased public awareness of personal data will lead to increased public confidence in the digital industry in Indonesia."


For more information about VIDA’s products and solutions, please click here.



8 views0 comments