Berlangganan Pro

Senin, September 12, 2022

Updated Draft Bill on Personal Data Protection

General Corporate Technology, Media and Telecomunication

The government has issued the updated version of Draft Bill on Personal Data Protection ("Draft Bill"), which contains a total of 16 chapters and 76 articles. These chapters address the following areas: 1) General provisions; 2) Principles; 3) Types of personal data ("Data"); 4) Rights of Data subjects; 5) Processing of Data: 6) Obligations of Data controllers ("Controllers"); 7) Transfers of Data; 8) Administrative sanctions; 9) Organization; 10) International cooperation; 11) Public participation; 12) Dispute settlement processes; 13) Prohibitions on the use of Data; 14) Criminal provisions; 15) Transitional provisions; and 16) Closing provisions.
The Draft Bill states that during the processing of Data, Controllers are required to comply with the following: 1) Explicit valid consent must be given by Data subjects for one or several purposes, as requested by Controllers; 2) Must fulfill any obligations that are set out under agreements in terms of Data subjects that are part of parties or must fulfill requests made by Data subjects at the time of entering into agreements; 3) Must fulfill the legal obligations of Controllers in accordance with the relevant laws and regulations; 4) Must protect the vital interests of Data subjects; 5) The implementation of any tasks must be undertaken in line with the public interest, public services and/or the implementation of a Controller’s authority based on applicable laws and regulations; and/or 6) Other legitimate interests must be fulfilled by taking into account the objectives, needs and balance of the interests of Controllers and the rights of Data subjects.
The Draft Bill introduces a specific institution responsible for the organization of PDP ("Institution"), which will fall under the direct supervision of the president. The Institution has the authority to impose various administrative sanctions in relation to any acts of non-compliance addressed under the Draft Bill. Said sanctions encompass the following: 1) Written warnings; 2) Temporary suspension of Data processing activities; 3) Erasure or destruction of Data; and/4) Administrative fines, which are variable and which will be imposed at a maximum rate of 2% of annual income.
The designation of Data Protection Officers (DPO) is mandatory for all Controllers and Data processors in relation to the following activities: 1) Processing of Data in relation to public services; 2) Core activities of Controllers that are of a nature and scope and/or are in line with objectives that require regular and systematic Data monitoring on a large scale; and 3) Core activities of Controllers that comprise the processing of large amounts of Data of a specific nature and/or Data that relate to criminal acts.
The Draft Bill mandates an adjustment period of two years for compliance with its various provisions and this period will apply to Controllers, Data processors and other relevant parties.

......

Sudah memiliki akun? Masuk

Hukumonline Pro

Berlangganan sekarang untuk akses tak terbatas ke berbagai Analisis Hukum!

Tingkatkan kualitas penelitian hukum Anda dengan berlangganan Paket Professional Hukumonline Pro dan dapatkan lebih banyak analisis hukum untuk referensi yang komprehensif

PRO PLUS

Rp 7.500.000

per bulan

Semua Fitur Paket Professional
Layanan Penerjemahan Peraturan
Precedent Hukumonline
Virtual Discussion

PROFESSIONAL

Rp 4.500.000

per bulan

Semua Fitur Paket Standard
Terjemahan Peraturan
Peraturan Konsolidasi
Premium Stories
Monthly Law Review (MLR)
Indonesian Law Digest (ILD)

STANDARD

Rp 2.500.000

per bulan

Indonesian Legal Brief (ILB)
Daily Updates
Bantuan Layanan Pencarian Peraturan
Pusat Data Peraturan dan Putusan Pengadilan Non-Precedent

The government has issued the updated version of Draft Bill on Personal Data Protection ("Draft Bill"), which contains a total of 16 chapters and 76 articles. These chapters address the following areas: 1) General provisions; 2) Principles; 3) Types of personal data ("Data"); 4) Rights of Data subjects; 5) Processing of Data: 6) Obligations of Data controllers ("Controllers"); 7) Transfers of Data; 8) Administrative sanctions; 9) Organization; 10) International cooperation; 11) Public participation; 12) Dispute settlement processes; 13) Prohibitions on the use of Data; 14) Criminal provisions; 15) Transitional provisions; and 16) Closing provisions.
The Draft Bill states that during the processing of Data, Controllers are required to comply with the following: 1) Explicit valid consent must be given by Data subjects for one or several purposes, as requested by Controllers; 2) Must fulfill any obligations that are set out under agreements in terms of Data subjects that are part of parties or must fulfill requests made by Data subjects at the time of entering into agreements; 3) Must fulfill the legal obligations of Controllers in accordance with the relevant laws and regulations; 4) Must protect the vital interests of Data subjects; 5) The implementation of any tasks must be undertaken in line with the public interest, public services and/or the implementation of a Controller’s authority based on applicable laws and regulations; and/or 6) Other legitimate interests must be fulfilled by taking into account the objectives, needs and balance of the interests of Controllers and the rights of Data subjects.
The Draft Bill introduces a specific institution responsible for the organization of PDP ("Institution"), which will fall under the direct supervision of the president. The Institution has the authority to impose various administrative sanctions in relation to any acts of non-compliance addressed under the Draft Bill. Said sanctions encompass the following: 1) Written warnings; 2) Temporary suspension of Data processing activities; 3) Erasure or destruction of Data; and/4) Administrative fines, which are variable and which will be imposed at a maximum rate of 2% of annual income.
The designation of Data Protection Officers (DPO) is mandatory for all Controllers and Data processors in relation to the following activities: 1) Processing of Data in relation to public services; 2) Core activities of Controllers that are of a nature and scope and/or are in line with objectives that require regular and systematic Data monitoring on a large scale; and 3) Core activities of Controllers that comprise the processing of large amounts of Data of a specific nature and/or Data that relate to criminal acts.
The Draft Bill mandates an adjustment period of two years for compliance with its various provisions and this period will apply to Controllers, Data processors and other relevant parties.

......

Sudah memiliki akun? Masuk

Hukumonline Pro

Berlangganan sekarang untuk akses tak terbatas ke berbagai Analisis Hukum!

Tingkatkan kualitas penelitian hukum Anda dengan berlangganan Paket Professional Hukumonline Pro dan dapatkan lebih banyak analisis hukum untuk referensi yang komprehensif

PRO PLUS

Rp 7.500.000

per bulan

Semua Fitur Paket Professional
Layanan Penerjemahan Peraturan
Precedent Hukumonline
Virtual Discussion

PROFESSIONAL

Rp 4.500.000

per bulan

Semua Fitur Paket Standard
Terjemahan Peraturan
Peraturan Konsolidasi
Premium Stories
Monthly Law Review (MLR)
Indonesian Law Digest (ILD)

STANDARD

Rp 2.500.000

per bulan

Indonesian Legal Brief (ILB)
Daily Updates
Bantuan Layanan Pencarian Peraturan
Pusat Data Peraturan dan Putusan Pengadilan Non-Precedent

Latest Analysis

2024 Hak Cipta Milik Hukumonline.com