In today’s digital landscape, the threat to personal data is becoming increasingly prominent, especially in countries like Indonesia that are vulnerable to data breaches. According to the National Cyber and Encryption Agency (BSSN), more than 403 million cyber-attacks and 103 incidents of personal data leaks were recorded in 2023 alone. These threats primarily target government institutions, as well as sectors such as information technology, finance, transportation, energy, and healthcare. These numbers are expected to rise annually with advancing technology.

To address this situation, the Indonesian government has enacted Law No. 27 of 2022 on Personal Data Protection (PDP Law). This law aims to safeguard the personal data of Indonesian citizens and prevent breaches that could harm both individuals and businesses.

The PDP Law: Implementation and Penalties

Following a transition period since its enactment in October 2022, the PDP Law will take full effect in October 2024. All companies processing personal data, including those in finance, banking, insurance, telecommunications, healthcare, retail, transportation, e-commerce, media, entertainment, and education, are required to comply with the regulations outlined in this law.

Should a data breach occur, companies acting as Personal Data Processors will face a range of penalties, from written warnings, temporary suspension of data processing activities, data deletion, to hefty administrative fines. This poses a significant challenge for many companies, particularly those lacking a structured data management system.

During the seminar “Data Privacy in the Digital Era: Safeguarding Your Data and Ensuring Compliance with Indonesia’s PDP Law,” organized by PT Multipolar Technology Tbk in Bali in August 2023, Achmad Fakhrudin, Senior Vice President of Multipolar Technology, emphasized the importance of managing customer data properly to ensure business continuity. Customer data is one of a company’s most valuable assets, and the PDP Law demands that it be handled and protected appropriately.

Necessary Data Protection Solutions

To help companies comply with the PDP Law, various data privacy compliance solutions have been introduced. One such solution is Securiti, supported by Artificial Intelligence (AI) and Machine Learning (ML) technology. Securiti enables companies to manage and protect sensitive data, reduce risks, and maintain compliance with evolving regulations. This technology automatically verifies a company’s compliance with the PDP Law and ensures that data is processed according to user consent.

According to Achmad Fakhrudin, some of the key benefits of Securiti include:

1. Identifying sensitive data, both structured and unstructured.
2. Simplifying data subject requests, such as corrections or deletions.
3. Minimizing risks related to privacy data management.
4. Detecting potential data breaches by third parties.
5. Ensuring the processing of personal data with valid consent.

Implementing solutions like Securiti allows companies to better protect users' personal data and reduce the risk of sanctions for data breaches.

API Security Challenges and Hybrid Working

A significant source of data breach threats today comes from the connectivity between applications using Application Programming Interface (API) technology. APIs play a major role in various digital activities, including banking transactions via internet and mobile banking, as well as integration with payment ecosystems initiated by Bank Indonesia through the National Standard Open API for Payments (SNAP). However, the wider the use of APIs, the greater the potential security threats companies face.

Herryyanto, Director Account Management FSI & Commercial at Multipolar Technology, recommends using the Noname Security solution to address these challenges. Noname Security is an API security solution that monitors API traffic, analyzes anomalies, and detects vulnerabilities in real-time. Powered by AI, Noname Security can reduce the risk of cyber-attacks, such as data theft and manipulation, without modifying a company’s operational infrastructure.

Beyond API threats, the hybrid working trend, which involves using multiple devices like laptops and smartphones with varying internet connections, also opens up vulnerabilities for cyber-attacks. Ransomware is one such attack that often results from these security gaps. To address this issue, Jip Ivan Sutanto, Director Enterprise Application Services Business at Multipolar Technology, recommends equipping companies with IBM Guardium. IBM Guardium monitors, analyzes, and protects data in real-time, providing early warnings in case of cyber-attacks.

With this solution, companies can easily track where customer personal data is stored, speeding up the process of data retrieval when needed. This solution is especially suitable for large companies with numerous employees and branches, such as in banking, insurance, and telecommunications.

Global Regulatory Compliance

Indonesia’s PDP Law aligns with global personal data protection regulations such as the General Data Protection Regulation (GDPR) in the European Union, the Personal Data Protection Commission in Singapore, and the Personal Data Protection Act 2019 in Thailand. All of these regulations aim to protect user personal data and grant greater rights to data owners.

Companies that fail to comply with these regulations, whether domestically or internationally, risk facing severe penalties. It is therefore crucial for every company to adopt the right data management solutions as soon as possible.

Docuflo’s Participation in PDP Law Compliance

As a company operating in the document and information management industry, Docuflo actively supports compliance with Indonesia’s PDP Law. Docuflo offers a range of products designed to help companies manage data securely and efficiently. Docuflo’s products enable companies to maintain the integrity and confidentiality of personal data, reduce the risk of breaches, and comply with applicable regulations.

With Docuflo’s AI-based solutions, companies can streamline document and data management processes while ensuring compliance with strict data protection standards like those mandated by the PDP Law.

Conclusion

As the PDP Law takes effect in October 2024, companies in Indonesia must be prepared to face challenges in managing and protecting users’ personal data. Severe penalties await those who fail to comply with this regulation, especially in the event of a data breach. Implementing solutions such as Security, Noname Security, IBM Guardium, along with the participation of companies like Docuflo, will be crucial steps in ensuring compliance with the PDP Law and enhancing data security in the digital era.

For more information, you can send an email to info@indocyber.co.id .

Source:

https://mediaindonesia.com/humaniora/695412/uu-pdp-berlaku-sanksi-berat-mengancam-perusahaan-jika-terjadi-kebocoran-data