Article
Media GRP

Understanding the Principles of Personal Data Processing

On October 17, 2022, the Government of Indonesia enacted Law Number 17 of 2022 concerning Personal Data Protection (“PDP Law”). Under the PDP Law, all parties involved in the processing of personal data are required to comply with the provisions of the law within two (2) years from the date it was enacted. This was carried out to ensure that the company complies with the PDP Law in its line of business that has already been implemented.

As stipulated in Law Number 17 of 2022 on Personal Data Protection (“PDP Law”), the protection of personal data is a fundamental human right aimed at safeguarding the rights of citizens. The processing of personal data often involves various parties, including individuals as data subjects and data controllers who determine the purposes and means of processing such data.

Personal data processing includes several stages as outlined in Article 16 paragraph (1) of the PDP Law, namely:

- Acquisition and collection
- Filtering and analysis
- Storage
- Fixes and updates
- Display, announcement, transfer, dissemination, and/or disclosure
- Deletion or destruction

Both Data Controllers and Data Processors are legally obligated to comply with the principles of data processing as mandated by the PDP Law. There are eight fundamental principles that must be observed in the processing of personal data:

1. Collection of Personal Data Must Be Limited, Specific, Lawful, and Transparent

The collection of personal data must be limited to what is necessary and directly related to the purpose for which the data is processed. Data must not be collected for purposes other than those disclosed to the data subject. Additionally, the collection must be legally justified, based on valid legal grounds as set forth in the PDP Law. Transparency is key: data subjects must be clearly informed about what data is being collected and for what purpose.

2. Personal Data Must Be Processed in Accordance with its Purpose

Data must be processed strictly in line with the original purpose communicated to the data subject. Each stage, whether collection, processing, storage, disclosure, or deletion, must align with the disclosed purpose. If the purpose changes, a new consent must be obtained from the data subject.

3. Personal Data Must Be Processed in Accordance with its Purpose

Data processing must uphold the rights of the data subject as provided under the PDP Law. These include:

- Right to Access
- Right to Information
- Right to Rectification or Update of Inaccurate Data
- Right to Restrict Processing
- Right to Erasure, Termination, or Destruction of Processing
- Right to Withdraw Consent
- Right to Data Portability
- Right to Object

4. Personal Data Must Be Accurate, Complete, Up-to-Date, Non-Misleading, and Accountable

Personal data must be processed with accuracy and integrity. The information should be current and maintained in a way that avoids any misrepresentation or misunderstanding. Data controllers must ensure ongoing data accuracy and completeness throughout its lifecycle.

5. Personal Data Processing Must Safeguard Against Unauthorized Access, Disclosure, Alteration, Misuse, Destruction, or Loss

All parties involved in data processing must implement robust security measures. These may include data encryption, employee training, access control systems, and routine audits to ensure data confidentiality, integrity, and availability.

6. Purpose and Activities of Data Processing, Including Data Breaches, Must Be Disclosed

Data controllers are required to provide clear information on the purpose and nature of data processing, typically through a Privacy Notice that is easily understood by the data subjects. If there is any change in the processing purpose or activities, data subjects must be informed. In the event of a personal data breach, the Data Controller must notify the data subject and the relevant supervisory authority in writing within 3 x 24 hours, as mandated by the PDP Law.

7. Personal Data Must Be Deleted or Destroyed After the Retention Period or Upon Request of Data Subject, Unless Otherwise Stipulated by Laws and Regulations

Data controllers must implement a data retention policy that defines how long personal data is stored, in line with the purpose of collection. In accordance with Article 8 of the PDP Law, data subjects have the right to request the termination of processing, deletion, or destruction of their personal data, unless otherwise required by applicable laws and regulations.

8. Personal Data Must Be Processed Responsibly and Can Be Clearly Proven

Under this principle, the Data Controller is obligated to manage personal data responsibly. This includes ensuring the security of personal data and processing it strictly in accordance with the intended purposes of the processing activities. Accordingly, this principle requires that:

- If the legal basis for processing is consent, such consent must be documented and recorded in writing;
- A record of all personal data processing activities must be maintained;
- A Data Protection Impact Assessment (DPIA) document must be in place.

Comprehensive law services for your constitutional rights
Address: 18 Office Park Building, Jl. TB Simatupang No.18 Lantai 6, Suite B, Kebagusan, Pasar Minggu, South Jakarta City, Jakarta 12520
Get In Touch: Email: partner@grplaw.id, Phone: 021-50112216

Read More »
Article
Gugum Ridho Putra

PERSONAL DATA PROTECTION: PERSONAL DATA REGULATION IN INDONESIA

General Overview

On October 17, 2022, the Government of Indonesia enacted Law Number 17 of 2022 concerning Personal Data Protection (“PDP Law”). Under the PDP Law, all parties involved in the processing of personal data are required to comply with the provisions of the law within two (2) years from the date it was enacted. This was carried out to ensure that the company complies with the PDP Law in its line of business that has already been implemented.

What is Personal Data?

Personal data refers to information about an individual who is identified or can be identified, either independently or in combination with other information, directly or indirectly, through electronic or non-electronic systems. Under the PDP Law, personal data is categorized into two types: general personal data and specific personal data.

General Personal Data:

- Full name
- Gender
- Nationality
- Religion
- Marital status
- Personal data that is combined to identify an individual

Specific Personal Data:

- Data and information on health
- Biometric data
- Genetic data
- Criminal records
- Child data
- Financial data
- Other data as regulated by prevailing laws and regulations

What is a Data Subject and What is the Role of Companies in Personal Data Processing?

1. Personal Data Subject

A personal data subject is an individual to whom personal data relates. The data subject is the rightful owner of the personal data that is collected, stored, and used by other parties.

2. Personal Data Controller

A personal data controller is a party that determines the purpose and has control over the processing of personal data. The data controller can be an individual, a public entity, or an international organization.

3. Personal Data Processor

A personal data processor is any individual, entity, public body, or international organization that processes personal data on behalf of the data controller, either independently or jointly with others. The data processor is not authorized to use the personal data for its own interests, but must carry out the processing in accordance with the instructions from the data controller.

What Are the Rights of Data Subjects?

One of the key aspects of the Personal Data Protection Law (PDP Law) is the protection of data subjects. These rights give data subjects control over their personal data that is collected, stored, and used by other parties. The rights of personal data subjects include:

1. Right to Access

The data subject has the right to access and obtain a copy of their personal data in accordance with applicable laws and regulations.

2. Right to Information

The data subject has the right to receive clear information regarding the identity of the requesting party, the legal basis, the purpose of the data request, and how the personal data will be used.

3. Right to Rectification

The data subject has the right to complete, update, and/or correct any errors or inaccuracies in their personal data, in accordance with the purpose of the personal data processing.

4. Right to Restrict Processing

The data subject has the right to suspend or restrict the processing of their personal data proportionally, in line with the intended purpose of the processing.

5. Right to Terminate the Processing, Deletion, and/or Destruction of Their Personal Data

The data subject has the right to terminate the processing, deletion, and/or destruction of their personal data in accordance with the provisions of the prevailing laws and regulations.

6. Right to Withdraw Consent

The data subject has the right to withdraw previously given consent for the processing of their personal data by the data controller.

7. Right to Data Portability

The data subject has the right to transfer their personal data to another party, as long as the systems used are capable of securely communicating with each other in accordance with the principles of personal data protection.

8. Right to Object

The data subject has the right to object to decision-making processes that are based solely on automated processing, including profiling, especially when such decisions have legal consequences or significantly affect the data subject.

What Are the Sanctions for Violations of the Personal Data Protection Law (PDP Law)?

A. Criminal Sanctions

Violations of the Personal Data Protection Law (PDP Law) may result in both criminal and administrative sanctions. Criminal sanctions may be imposed for the following actions:

- Intentionally and unlawfully obtaining or collecting personal data that does not belong to them, with the intent to benefit themselves or others, which may cause harm to the data subject.
- Intentionally and unlawfully disclosing personal data that does not belong to them.
- Intentionally and unlawfully using personal data that does not belong to them.
- Intentionally creating or falsifying personal data with the intent to benefit themselves or others, which may cause harm to others.

Criminal sanctions for the above violations may include imprisonment ranging from four (4) to six (6) years and/or a fine of up to IDR 6 billion. If the above criminal acts are committed by a corporation, sanctions may be imposed on its directors, controllers, those giving orders, beneficial owners, and/or the corporation itself. Additional criminal sanctions that may be imposed on corporations include:

a. Fines of up to ten (10) times the maximum stipulated fine.
b. In addition to the fine, corporations may also be subject to the following penalties:
   1. Confiscation of profits and/or assets obtained;
   2. Partial or total suspension of business operations;
   3. Permanent prohibition from carrying out certain activities;
   4. Closure of part or all of the business premises and/or corporate activities;
   5. Fulfillment of previously neglected obligations;
   6. Compensation payment to affected parties;
   7. Revocation of licenses;
   8. Dissolution of the corporation.

B. Administrative Sanctions

Administrative sanctions may be imposed for violations of provisions related to personal data, as stipulated in Article 57 paragraph (1) of the PDP Law, such as:

a. Failure of the data controller to appoint a data protection officer or personnel responsible for the function of personal data protection.
b. Failure of the data controller to comply with the orders of the authorized data protection authority

Read More »
Article
Ari Firta

RULES ON TARGETS OF ATTACK: AN ANALYSIS OF THE IMPLEMENTATION OF THE RULES ON TARGETS OF ATTACK AND THE APPLICATION OF THEIR PRINCIPLES IN WAR

In modern international law, there are 2 (two) main bodies of rules relating to war, namely Jus ad Bellum and Jus in Bello. Jus ad Bellum concerns the rules that prohibit the use of force or war as a means of settling disputes between states, as stated in Article 2 paragraph (4) of the Charter of the United Nations (UN).

Read More »
Article
Gugum Ridho Putra

DO DOCTORS STILL HAVE THE RIGHT TO REGULATE AND MANAGE THEIR OWN PROFESSION?

Do doctors still have the right to regulate and manage their own profession? This question arose in my own mind, and perhaps also in the minds of most doctors today, especially after reading the Health Law that has just been passed. Enacted with the same technique used to form the Job Creation Law (omnibus), Law Number 17 of 2023 sweeps aside at least 11 (eleven) laws on the theme of health services.

Read More »
Article
Gugum Ridho Putra

IS PERPU NUMBER 2 OF 2022 VALID?

After being proven conditionally formally defective by a Constitutional Court (MK) ruling and ordered to be corrected within 2 years at the latest, instead of correcting it in the form of a new Law, the Government issued Perpu Number 2 of 2022 to correct the Job Creation Law.

Read More »
Article
Media GRP

GUGUM RIDHO & PARTNERS SUCCESSFULLY ASSISTED PT VISI MITRA PERKASA (VIP) v. PERUM PERHUTANI AND WAS GRANTED CLAIMS OF 8 BILLION RUPIAH

Our Legal Team has successfully assisted PT Visi Investama Properti (VIP), a large property company based in Jakarta. The dispute arose over the negligence of the Agreement of Zuriah Tower Transaction; the tower was built and owned by VIP before it was later bought and taken over, and its name changed to Perum Perhutani Building. The panel of Judges found our claims proven and then burdened the defendant to pay for the loss of around 8 billion rupiah. #grplaw #courtdecision #succesfullcase

Read More »
