…including not processing personal data based on data usage and not preventing unauthorized access to data.
Jakarta (ANTARA) – The Personal Data Protection Agency (PDP) will work under the aegis of the President, so it will be responsible to the Head of State, said Minister of Communication and Information, Johnny G. Plate.
The establishment of the agency is in line with Articles 58 to 60 of the PDP Law, which was ratified by the Indonesian House of Representatives (DPR RI) on Tuesday, he said.
The agency will perform a number of tasks, including formulating and stipulating PDP policies and strategies, overseeing the implementation of the PDP, enforcing administrative sanctions against violators of the PDP, as well as facilitating the out-of-court dispute resolution for PDPs, he said.
The minister informed that there will be two types of sanctions.
The first are the administrative sanctions described in article 57 of the PDP law. They include written warnings, temporary prohibition of personal data processing activities, destruction of personal data held by offenders and/or administrative fines.
Related news: Bill on the protection of personal data ratified on September 20: President of the Chamber
“Sanctions will be imposed on the controller or processor of personal data if they violate the PDP Act, including not processing personal data based on the use of data and not preventing access unauthorized to data,” Plate said.
The second type of penalties are the penal provisions outlined in Sections 67-73 of the Act, which include a maximum fine of Rs 4-6 billion and a maximum prison term of 4-6 years.
Sanctions will be imposed on natural or legal persons who commit prohibited acts, including collecting personal data that does not belong to them for their own benefit and/or that of other parties, disclosing personal data that does not belong to them , as well as the falsification of personal data, which may cause harm to others.
Section 69 of the Act also provides for additional penalties, including confiscation of profits and/or assets derived from criminal acts as well as requiring offenders to pay compensation to victims of a personal data breach. .
Further, in Section 70 of the PDP Act, it is regulated that the penalty will be 10 times higher than the original fine of Rs 4-6 billion if the crime is committed by a corporation.
Violators who falsify personal data will be sentenced to six years and/or a fine of 60 billion rupees, while those who sell or buy personal data will be sentenced to five years and/or a fine of 50 billion rupees.
Related news item: Strengthening data security for users of digital health services: the legislator
An additional sanction will involve the freezing of the activities of the company or the complete dissolution of the company.
The Minister said that the implementation of the PDP Act is the first step on the long road to improving personal data protection in Indonesia.
“We encourage the participation of all stakeholders, all government agencies and law enforcement agencies, to successfully implement the PDP Act to establish a new era in personal data management in Indonesia and to build a safe digital space in Indonesia,” he added.
Related News: Expect PSEs to improve cybersecurity with ratification of PDP bill: Plate
Related News: Parliament Passes Personal Data Protection Bill As Law