Do You Believe That The PDP Law Can Be 100 Percent Guarantee Your Personal Data Security?

The meeting of the DPR Plenary Session with the Ministry of Communication and Information at the Senayan Parliament Complex, Tuesday (20/9) discussed the PDP Law. (Photo: Kominfo Public Relations Bureau)

JAKARTA - The Personal Data Protection Act (UU PDP) has indeed been ratified by the Government together with the DPR in a plenary meeting, Tuesday (20/9). However, its effectiveness has not been tested.

Currently, said public policy observer Agus Pambagio, the rules seem floating. There are still a number of articles that must be clarified in government regulations.

Not to mention the regulator. If it is held by individuals who have interests, of course there will be many inequality in the future.

Can the implementing rules be completed, so that this law can be carried out in its entirety? This is what the public still expects. How are the implementing rules and how is it implemented, that's more important. Making laws much easier than implementing them," he told VOI, Wednesday (21/9).

As the name implies, the PDP Law should be a solution to ensure the security of personal data which in recent times has often been leaked.

UU must be able to be carried out completely so that when there is a problem, the handling is clear. That's what is needed, because the implementation is usually at us half-assed traffic jams and so on. People who don't agree will continue to block it, right? continued Agus.

Moreover, the rules are also related to Electronic System Operators (PSE) who also have business interests. Because, so far the government's supervision of PSE has not gone well.

The test is easy, if someone is still selling on our cellphone, it means that our number is stealing. This is one of them. Then, if it has been stolen, who do we have to complain to? Then about ID cards, now we use QR, how to protect them, this PDP is still long," Agus concluded.

Even so, Agus congratulated the Government of Indonesia and the DPR for the success of ratifying the PDP Law. Hopefully, later this rule can function as it should and not become a selective slash weapon.

"If I pay attention to every rule, that's right, but later there will be friends who support the election time, grandfather, timing of the election. Eh, don't worry, if you manage this, I will lose. In the end, it's not regulated according to the standards of the legislation. Often, it's just like that, in the end, it's just a rule," said Agus

"That's what I'm worried about with this PDP Law. But, if the implementation is good, then that's cool," he added.

In addition, said cybersecurity expert Alfons Tanujaya, the public must also understand that the PDP Law can indeed minimize data leakage. The rules are clear because there are strict sanctions in every violation.

However, the law will not reduce hackers. After all, hackers are lawbreakers and can be severely punished according to their mistakes without using the PDP Law though.

With the PDP Law, data managers can actually care more and be good in managing their data. The key to this is in an institution formed to oversee the management of personal data," said Alfons in a written statement to VOI, Wednesday (21/9).

If the agency can carry out its role properly, communicate with supervised data management institutions, be presented at the level of the data leak control task force, it will have a significant impact on improving data management in Indonesia.

"But if not, then it will not have a significant impact on improving data management in Indonesia," he continued.

According to Alfons, the role of securing the cyber realm in Indonesia has not actually changed, it is still in the National Cyber and Crypto Agency (BSSN).

That is why, BSSN must be able to position itself well, improve the capabilities of human resources, and set data security standards that must be followed by all data management institutions.

"Yes, of course, we hope that the PDP, BSSN, and Kominfo institutions can work together to carry out their roles properly according to their main duties and responsibilities in order to create a safe, healthy, and beneficial cyber realm for the Indonesian people," he concluded.

Based on the PDP Law, personal data is every data about a person, either identified and/or can be identified separately or combined with other information either directly or indirectly through an electronic system and/or non-electronic.

Personal data consists of general personal data and specific personal data.

General personal data include: full name, sexist, citizenship, religion, and/or personal data combined to identify someone.

Meanwhile, specific personal data includes health data and information.

Based on Kominfo data, the government has handled 67 reports of personal data protection violations in the 2019 period. A total of 41 of them are from the private scope, national private electronic system organizers, and 26 others from the public sphere.

"Of the 33 reports that have been completed and given sanctions and/or recommendations, there are 9 personal data controllers from the public sector, and 24 personal data controllers from the private sector/private sector," Johnny explained during a plenary meeting of the DPR, Tuesday (20/9).

The government is committed to carrying out strategic strengthening steps in all lines. Including, effective supervision of compliance and law enforcement and continuous education of personal data protection literacy for the entire community.

It is necessary to prepare ecosystems and human resources to protect personal data. As well as strengthen coordination, cooperation and collaboration across stakeholders and across national borders so that the implementation of the PDP Law can run well," concluded Johnny.