YOGYAKARTA Personal data that must be protected must be known in the midst of an increasingly massive era of information and communication technology.

Please note, in the cyber security concept, there are two types of data that should not be leaked, namely digital identity and personal data.

If the personal data digital identity is leaked, the data owner has the potential to experience four cyber crime risks, such as:

So, what personal data should be protected?

In the Personal Data Protection Law (UU PDP) Article 3 paragraph (1) it is stated that personal data is divided into two, namely personal data is general and personal data is specific.

The explanation is as follows:

Some things that fall into the category of general personal data as referred to in the PDP Law Article 3 paragraph (2) include:

What is meant by specific personal data is personal data that requires special protection because it can endanger or harm the privacy of data subjects.

According to Article 3 Paragraph (3) of the PDP Law, specific personal data includes:

Health data and information;

Just for additional information, the PDP Bill has been initiated since 2016 and consists of 72 articles and 15 chapters. This bill was passed into law on October 17, 2022.

Quoted by VOI from the Indonesia.go.id page, in the draft PDP Law, there are two types of sanctions for violators of personal data. First, for controllers or processors of personal data if they violate the provisions of the PDP Law. Such as not processing personal data according to their objectives and not preventing access to illegal data, will get sanctions in the form of:

Second, for individuals or corporations who commit prohibited acts. For example, collecting personal data that does not belong to them to benefit themselves or other people revealing personal data that does not belong to them and falsifying personal data for profits that result in losses for others can be subject to Articles 67 to 73 of the PDP Law, will receive sanctions:

In addition to these sanctions, Article 69 regulates additional penalties in the form of confiscation of profits and/or assets obtained or proceeds from criminal acts and compensation payments.

If a criminal act is committed by a corporation, according to Article 70 of the PDP Law, it can be subject to a fine of 10 times that of the original criminal and other additional penalties.

For violations of the PDP Law, falsifying personal data can be sentenced to 6 years and/or a fine of Rp. 60 billion.

If you sell or buy personal data, you will be sentenced to 5 years or a fine of IDR 50 billion.

Corporations that are proven to violate this law can be subject to additional penalties in the form of confiscation of profits and/or assets/freezing of all or part of corporate efforts to the dissolution of corporations.

This is information about the type of personal data that must be protected along with sanctions for violators of personal data.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)