TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
From compliance to confidence: How DPOs transform data security
Among other requirements, banks must maintain bank secrecy, which involves protecting depositors’ information while safeguarding other customer data according to personal data protection principles.
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
Business as usual: An employee (left) serves a customer on June 18, 2024 at an unspecified Bank BNI branch. The government declared collective leave for civil servants and employees of state-owned enterprises on June 18, the day after the official Idul Adha holiday. (Antara/Handout/BNI)
L
aw No. 27/2022 on personal data protection (PDP) will fully take effect two years after its promulgation, which means that starting Oct. 17, businesses must not only have a legitimate basis for processing personal data but also be ready to face severe consequences when noncompliance incidents occur.
It is well understood that businesses are already realizing that having a data privacy officer (DPO) on staff will help them better prepare for current regulatory challenges. This role is expected to strategically navigate the stringent rules imposed by the law.
Naturally, the next concern is how businesses should choose and appoint their DPO. While whole industries prepare for the full impact of the upcoming implementation of the law, this question remains a major concern. Hence, we need to examine this matter in more detail.
The law mandates that companies processing personal data for public services or on a large scale appoint a DPO to carry out the function of personal data protection. However, it should not be overlooked that the legal obligation to implement the principles of personal data protection rests with the company as the data controller, not with the individual performing this duty.
Therefore, it is very important for businesses to choose and prepare DPOs with the right qualifications according to their respective industry fields. In the absence of detailed requirements provided by implementing regulations, businesses need to carefully consider three key elements before making their decisions.
The first element is understanding why they need to use personal data and being aware of the specific requirements surrounding data and information processing within their relevant industry. For instance, in the banking industry, in addition to what has been provided by the PDP Law, banks must adhere to stricter confidentiality obligations and ensure data security under banking law.
Among other requirements, banks must maintain bank secrecy, which involves protecting depositors’ information while safeguarding other customer data according to personal data protection principles.
