PERSONAL DATA PROTECTION
Eryk B. Pratama, S.Kom, M.M, M.Kom
Data Privacy & Cyber Security Consultant at Global Consulting Firm
Komunitas Data Privacy & Protection Indonesia (t.me/dataprotectionid)
https://medium.com/@proferyk & https://slideshare.net/proferyk
Universitas Negeri Makassar
Regulation and Technical Aspects
Agenda
01 Setting-up the Context
02 Regulation Aspects
03 Technical Aspects
04 Cyber Hygiene Implementation
A perspective on data breaches - Indonesia
Setting-up the Context
https://www.cnnindonesia.com/teknologi/20200506065657-185-500477/13-juta-data-bocor-bukalapak-dijual-di-forum-hacker
https://tekno.kompas.com/read/2020/05/10/21120067/hacker-klaim-punya-data-12-juta-pengguna-bhinnekacom?page=all
https://www.thejakartapost.com/news/2020/05/04/tokopedia-data-breach-exposes-vulnerability-of-personal-data.html
https://www.thejakartapost.com/news/2019/09/19/lion-air-leak-puts-data-protection-in-spotlight.html
Key Information Security Controls
▪ System configuration
▪ Access management
▪ Third party risk
▪ Human risks (Carelessness)
A perspective on misuse of data - Indonesia
Setting-up the Context
https://www.cnnindonesia.com/nasional/20200711053527-20-523446/data-pribadi-bocor-denny-siregar-bakal-gugat-telkomsel
Case Study – Personal Data Breach via Vulnerable Web Application
Data Privacy vs Data Protection
Data Privacy: Ethics & Regulation
Data Protection: Information Security Control
Bring it in one page
Setting-up the Context
Regulation
▪ EU General Data Protection Regulation (GDPR)
▪ US California Consumer Protection Act (CCPA)
▪ RUU Perlindungan Data Pribadi (RUU PDP)
▪ PP 71 2019 - PSTE
▪ Peraturan Kominfo No 20 2016 - Data Pribadi pada PSE
Technical Aspects
Pre-Breach
▪ Identity & Access Management
▪ Data Loss/Leakage Prevention
▪ Privilege Access Management
▪ Cyber Hygiene
During & Post Breach
▪ Incident Management
▪ Crisis Management
Regulation Aspects
RUU Perlindungan Data Pribadi
Regulation Aspects
Key Highlight
▪ Explicit consent is required from the data owner for personal data processing.
▪ Response timelines for data subject rights have been separately called out in the RUU PDP.
▪ The data controller must notify the data owner and the Minister within 3 days of a data breach.
▪ Penalties for non-compliance may range from Rp 20 Billion to Rp 70 Billion or imprisonment ranging from 2 to 7 years.
Key roles: Data Owner, Data Controller, Data Processor, Data Protection Officer
Data Owner – Pemilik Data Pribadi
Regulation Aspects
Rights of the Personal Data Owner (Hak Pemilik Data Pribadi)
Article (Pasal): Description
Pasal 4: request information about the clarity of identity, the legal basis of interest, the purpose of the request and use of the Personal Data, and the accountability of the party requesting the Personal Data.
Pasal 5: complete their Personal Data before it is processed by the Personal Data Controller.
Pasal 6: access their Personal Data in accordance with the provisions of laws and regulations.
Pasal 7: update and/or correct errors and/or inaccuracies in their Personal Data in accordance with the provisions of laws and regulations.
Pasal 8: end the processing of, delete, and/or destroy their Personal Data.
Pasal 9: withdraw the consent to processing of their Personal Data that was given to the Personal Data Controller.
Pasal 10: object to decision-making that is based solely on automated processing relating to a person's profile (profiling).
Pasal 11: opt in or out of processing of their Personal Data through a pseudonym mechanism for a specific purpose.
Pasal 12: postpone or restrict the processing of their Personal Data proportionally, in accordance with the purpose of the processing.
Pasal 13: claim and receive compensation for violations involving their Personal Data in accordance with the provisions of laws and regulations.
Data Controller – Pengendali Data Pribadi
Regulation Aspects
Obligations of the Data Controller (Kewajiban Data Controller)
Article (Pasal): Description
Pasal 24:
▪ must provide information on the legality of the processing, the purpose of processing, the type and relevance of processing, the document retention period, details of the information collected, and the data processing period
▪ must show proof of the consent given by the Personal Data Owner
Pasal 25: must stop processing Personal Data when the Personal Data Owner withdraws consent to the processing of their Personal Data
Pasal 27: must protect and ensure the security of the Personal Data it processes by:
▪ formulating and implementing technical and operational measures to protect Personal Data
▪ determining the security level of Personal Data, taking into account the nature and risk of the Personal Data that must be protected during processing
Pasal 28: must supervise every party involved in the processing of Personal Data
Pasal 29: must ensure protection of Personal Data from unlawful processing
Pasal 36: must process Personal Data in accordance with the processing purpose agreed to by the Personal Data Owner (Explicit / Implicit Consent)
Pasal 38 and Pasal 39: deletion and destruction of personal data
Data Masking
Regulation Aspects
▪ Encryption
▪ Tokenization
▪ Anonymization
▪ Pseudonymization
Source: https://teskalabs.com/blog/data-privacy-pseudonymization-anonymization-encryption
(Figure: comparison of pseudonymized vs anonymized data)
Data Masking - Tokenization
Regulation Aspects
Source: https://blog.thalesesecurity.com/2015/02/05/token-gesture-vormetric-unveils-new-tokenization-solution/
No sensitive data is stored in the production database
Technical Aspects
Information Security Complexity – Reference Architecture
Technical Aspects
Source: https://www.opensecurityarchitecture.org/cms/library/patternlandscape
Information Security Complexity - Example
Technical Aspects
Source: https://gallery.technet.microsoft.com/Cybersecurity-Reference-883fb54c
From Simply Managing Identities to Managing Complex Relationships
Technical Aspects – Identity & Access Management
Identity Access Management → Identity Relationship Management
Source: Forrester Research
Simplifying the complexity
Technical Aspects – Identity & Access Management
Authoritative/Trusted Source → Middleware / Identity Management Solution → Target System
▪ Authoritative/Trusted Source: HR Data
▪ Middleware / Identity Management Solution: IDM Solution
▪ Target System: Active Directory, Email Server, ERP, Other Applications
Flows between the layers: Provisioning, Reconciliation, Create/Update/Revoke
Access Management Basic Process
Technical Aspects – Identity & Access Management
Receive Request → Verification → Provide Rights → Log and Track Access
Receive Request
▪ Change requests
▪ Service requests
▪ HR requests
▪ App / Script requests
Verification
▪ Valid user?
▪ Valid request?
▪ Request access?
▪ Remove access?
Provide Rights
▪ Provide access
▪ Remove access
▪ Restrict access
Log and Track Access
▪ Check and monitor identity status
▪ Violations to Incident Management Process
Foundation: Business Rules, Policies, Procedures, Controls (ISMS)
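An added example, not code from the original deck, of the reconciliation flow between the HR source, the IDM solution and a target system, and of the "Log and Track Access" step above: it compares authoritative HR records with accounts read back from a target system and derives the create/update/revoke provisioning actions plus the orphan-account violations to hand to the incident management process. The HrRecord and TargetAccount types, the ROLE_GROUPS business rule and the sample data are all constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class HrRecord:
    """One row from the authoritative source (HR data)."""
    employee_id: str
    name: str
    department: str
    status: str  # "active" or "terminated"


@dataclass
class TargetAccount:
    """One account as read back from a target system (e.g. a directory)."""
    username: str
    employee_id: Optional[str]  # None when the account has no HR linkage
    enabled: bool
    groups: Set[str]


# Constructed business rule: which groups a department is entitled to.
ROLE_GROUPS: Dict[str, Set[str]] = {
    "Finance": {"fin-users"},
    "IT": {"it-users"},
}


def reconcile(hr_records: List[HrRecord],
              target_accounts: List[TargetAccount]) -> Dict[str, list]:
    """Compare the authoritative source with the target system and return the
    provisioning actions (create / update / revoke) plus the violations that
    should go to the incident management process."""
    hr_by_id = {r.employee_id: r for r in hr_records}
    acct_by_emp = {a.employee_id: a for a in target_accounts if a.employee_id}
    actions: Dict[str, list] = {"create": [], "update": [], "revoke": [], "violation": []}

    for rec in hr_records:
        acct = acct_by_emp.get(rec.employee_id)
        wanted = ROLE_GROUPS.get(rec.department, set())
        if rec.status == "active":
            if acct is None:
                # Joiner: HR knows the person, the target system does not.
                actions["create"].append((rec.employee_id, wanted))
            else:
                # Mover / drift: the account exists but no longer matches HR.
                if not acct.enabled:
                    actions["update"].append((acct.username, "enable"))
                if acct.groups != wanted:
                    actions["update"].append((acct.username, f"groups -> {sorted(wanted)}"))
        elif acct is not None and acct.enabled:
            # Leaver: HR says terminated but the account still works.
            actions["revoke"].append(acct.username)

    for acct in target_accounts:
        if acct.employee_id is None or acct.employee_id not in hr_by_id:
            # Orphan: nobody in the authoritative source owns this account.
            actions["violation"].append((acct.username, "orphan account"))
    return actions


# Constructed sample data.
HR_RECORDS = [
    HrRecord("E001", "Ani", "Finance", "active"),
    HrRecord("E002", "Budi", "IT", "active"),
    HrRecord("E003", "Citra", "Finance", "terminated"),
    HrRecord("E004", "Dewi", "IT", "active"),
]
TARGET_ACCOUNTS = [
    TargetAccount("ani", "E001", True, {"fin-users"}),
    TargetAccount("citra", "E003", True, {"fin-users"}),  # leaver, still enabled
    TargetAccount("dewi", "E004", True, {"fin-users"}),   # moved Finance -> IT
    TargetAccount("svc_backup", None, True, set()),       # no HR owner
    TargetAccount("eko", "E999", True, set()),            # HR id unknown
]

if __name__ == "__main__":
    for kind, items in reconcile(HR_RECORDS, TARGET_ACCOUNTS).items():
        print(kind, items)
```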
Data Loss/Leakage Prevention Solution
Technical Aspects – Data Loss Prevention
A Data Loss Prevention (DLP) solution typically incorporates people, process, and technology to protect sensitive data traversing an organization. Data within an organization is often categorized and protected by DLP in the following three forms:
Data in Motion: data that is transmitted or moved, through electronic or non-electronic means; data that is actively traveling on a network, such as email or web traffic.
Data at Rest: data that resides on a stable medium, including servers, network shares, databases, individual computers, and portable media.
Data in Use: data that has been obtained and is being processed or actively used; typically refers to data on end-user computing devices or host systems.
Data Type
Structured Data: data commonly stored in databases or applications.
Unstructured Data: exists in filesystems or documents.
Semi-structured Data: examples of such data formats include email.
Incident Management Definition
Technical Aspects – Incident Management
What is an IT incident?
An IT incident is any disruption to an organization's IT services that affects anything from a single user to the entire business. In short, an incident is anything that interrupts business continuity.
What is IT incident management?
Incident management is the process of managing IT service disruptions and restoring services within agreed service level agreements (SLAs). The scope of incident management starts with an end user reporting an issue and ends with a service desk team member resolving that issue.
Roles: Analyst, Incident Responder, Digital Forensic
Incident Escalation: Layer 1 (L1), Layer 2 (L2), Layer 3 (L3)
Incident Classification: Low, Medium, High
Incident Prioritization: Critical, High, Medium, Low
Cyber Hygiene
Implementation
Implement Cyber Hygiene as Foundational Action
Key Takeaways
What is Cyber Hygiene?
Cyber hygiene refers to steps taken by users to maintain the health of their computers and devices and improve online security to prevent the theft or corruption of data.
Cyber Hygiene Practices
1. Keep an inventory of the hardware and software on your network
2. Install reputable antivirus and anti-malware software
3. Conduct cybersecurity education and awareness activities
4. Update and patch software regularly
5. Regularly back up your data and keep multiple copies
6. Limit the number of employees who have administrative privileges
7. Establish an incident response plan
8. Establish network security and monitoring
9. Perform regular vulnerability assessment and secure configuration review
10. Implement controls to protect and recover data if a breach occurs
Keep up to date with regulation and cyber threats
Cyber Hygiene in Public Environment
Key Takeaways
Check for a legitimate WIFI ID/SSID
Be careful with piggybacking/tailgating
Don't click malicious pop-ups and URLs
Use VPN (if possible)
Staying Safe when Online
Key Takeaways
Use secured personal device
Activate pop-up/Ad blocker
Activate private / incognito mode
Use VPN (if possible)
Use strong/complex passwords
Make online purchases from secure sites
Be careful about what you access & download
Thank You ☺
https://medium.com/@proferyk
https://www.slideshare.net/proferyk
IT Advisory & Risk (t.me/itadvindonesia)
Data Privacy & Protection (t.me/dataprivid)
Komunitas Data Privacy & Protection (t.me/dataprotectionid)

Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesChesley Lawyer
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Rich Bergeron
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideillinoisworknet11
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 

Recently uploaded (20)

ENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened to
ENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened toENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened to
ENG7-Q4-MOD3. determine the worth of ideas mentioned in the text listened to
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its history
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docx
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptx
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
 
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsTown of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 
Choosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasChoosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in Texas
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
 
OMassmann - Investment into the grid and transmission system in Vietnam (2024...
OMassmann - Investment into the grid and transmission system in Vietnam (2024...OMassmann - Investment into the grid and transmission system in Vietnam (2024...
OMassmann - Investment into the grid and transmission system in Vietnam (2024...
 
Right to life and personal liberty under article 21
Right to life and personal liberty under article 21Right to life and personal liberty under article 21
Right to life and personal liberty under article 21
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guide
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 

Personal Data Protection in Indonesia

  • 1. 11 PERSONAL DATA PROTECTION Eryk B. Pratama, S.Kom, M.M, M.Kom Data Privacy & Cyber Security Consultant at Global Consulting Firm Komunitas Data Privacy & Protection Indonesia (t.me/dataprotectionid) https://medium.com/@proferyk & https://slideshare.net/proferyk Universitas Negeri Makassar Regulation and Technical Aspects
  • 2. Agenda 01 Setting-up the Context 02 Regulation Aspects 03 Technical Aspects 04 Cyber Hygiene Implementation
  • 3. A perspective on data breaches - Indonesia Setting-up the Context https://www.cnnindonesia.com/teknologi/20200506065657-185-500477/13-juta-data-bocor-bukalapak-dijual-di-forum-hacker https://tekno.kompas.com/read/2020/05/10/21120067/hacker-klaim-punya-data-12-juta-pengguna-bhinnekacom?page=all https://www.thejakartapost.com/news/2020/05/04/tokopedia-data-breach-exposes-vulnerability-of-personal-data.html https://www.thejakartapost.com/news/2019/09/19/lion-air-leak-puts-data-protection-in-spotlight.html Key Information Security Controls ▪ System configuration ▪ Access management ▪ Third party risk ▪ Human risks (Carelessness)
  • 4. A perspective on misuse of data - Indonesia Setting-up the Context https://www.cnnindonesia.com/nasional/20200711053527-20-523446/data-pribadi-bocor-denny-siregar-bakal-gugat-telkomsel
  • 5. Case Study – Personal Data Breach via Vulnerable Web Application
  • 6. Data Privacy vs Data Protection Ethics & Regulation Information Security Control
  • 7. Bring it in one page Setting-up the Context Regulation Technical Aspects EU General Data Protection Regulation (GDPR) US California Consumer Protection Act (CCPA) RUU Perlindungan Data Pribadi (RUU PDP) Pre-Breach Identity & Access Management Data Loss/Leakage Prevention Privilege Access Management Cyber Hygiene During & Post Breach Incident Management Crisis Management PP 71 2019 - PSTE Peraturan Kominfo No 20 2016 - Data Pribadi pada PSE
  • 9. RUU Perlindungan Data Pribadi Regulation Aspects Key Highlight ▪ Explicit Consent is required from the data owner for personal data processing. ▪ Responding timelines for Data subject rights have been separately called out in the RUU PDP. ▪ Data controller to notify the data owner and the Minister within 3 days of data breach. ▪ Penalties for non-compliance may range from Rp 20 Billion to Rp 70 Billion or Imprisonment ranging from 2 to 7 years Data Owner Data Controller Data Processor Data Protection Officer
  • 10. Data Owner – Pemilik Data Pribadi (Personal Data Owner) Regulation Aspects. Rights of the Personal Data Owner (Article and description):
    ▪ Article 4: to request information about the identity, the legal basis of interest, the purpose of the request and use of the Personal Data, and the accountability of the party requesting the Personal Data.
    ▪ Article 5: to complete their Personal Data before it is processed by the Personal Data Controller.
    ▪ Article 6: to access their Personal Data in accordance with the provisions of laws and regulations.
    ▪ Article 7: to update and/or correct errors and/or inaccuracies in their Personal Data in accordance with laws and regulations.
    ▪ Article 8: to end the processing of, delete, and/or destroy their Personal Data.
    ▪ Article 9: to withdraw the consent to the processing of their Personal Data that was given to the Personal Data Controller.
    ▪ Article 10: to object to decisions based solely on automated processing of a person's profile (profiling).
    ▪ Article 11: to opt in or out of processing of their Personal Data through a pseudonym mechanism for a specific purpose.
    ▪ Article 12: to postpone or restrict the processing of their Personal Data proportionally to the purpose of the processing.
    ▪ Article 13: to claim and receive compensation for violations of their Personal Data in accordance with laws and regulations.
  • 11. Data Controller – Pengendali Data Pribadi (Personal Data Controller) Regulation Aspects. Obligations of the Data Controller (Article and description):
    ▪ Article 24: must provide information on the legality of the processing, the purpose of the processing, the type and relevance of the processing, the document retention period, details of the information collected, and the period of data processing; must show evidence of the consent given by the Personal Data Owner.
    ▪ Article 25: must stop processing Personal Data when the Personal Data Owner withdraws consent to the processing.
    ▪ Article 27: must protect and ensure the security of the Personal Data it processes by formulating and implementing operational technical measures to protect Personal Data, and by determining the security level of Personal Data with regard to the nature and risk of the Personal Data that must be protected during processing.
    ▪ Article 28: must supervise every party involved in the processing of Personal Data.
    ▪ Article 29: must ensure the protection of Personal Data from unlawful processing.
    ▪ Article 36: must process Personal Data in accordance with the processing purpose approved by the Personal Data Owner (explicit / implicit consent).
    ▪ Articles 38 and 39: deletion and destruction of personal data.
  • 12. Data Masking Regulation Aspects Encryption Tokenization Anonymization Pseudonymization Source: https://teskalabs.com/blog/data-privacy-pseudonymization-anonymization-encryption Pseudonymized Anonymized
  • 13. Data Masking - Tokenization Regulation Aspects Source: https://blog.thalesesecurity.com/2015/02/05/token-gesture-vormetric-unveils-new-tokenization-solution/ No sensitive data is stored in the production database
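A constructed example of the data masking techniques named on slides 12 and 13, added here and not taken from the deck or the sources it cites: a token vault that keeps the real value outside production (so the production row holds no sensitive data), a keyed pseudonym that stays linkable but is not reversible without the key, and an irreversible anonymization by generalization. The record, key and field names are assumptions.

```python
"""Added example (not from the slide deck): tokenization vs pseudonymization
vs anonymization for a constructed customer record."""
import hashlib
import hmac
import secrets

# Constructed sample record; the phone number is made up.
CUSTOMER = {"name": "Budi", "phone": "+62-812-0000-1234",
            "birth_year": 1988, "city": "Makassar"}


class TokenVault:
    """Maps sensitive values to random tokens. Only the vault, which lives
    outside the production database, can map a token back to its value."""

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    def tokenize(self, value: str) -> str:
        # Reuse an existing token so the same value always maps to one token.
        if value in self._value_to_token:
            return self._value_to_token[value]
        token = "tok_" + secrets.token_hex(8)   # random; unrelated to the value
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._token_to_value[token]


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed HMAC: deterministic, so records stay linkable, but the original
    cannot be recovered without the key (which must be held separately)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def anonymize(record: dict) -> dict:
    """Drop direct identifiers and generalize quasi-identifiers; there is no
    key or vault, so the output cannot be mapped back to the person."""
    decade = (record["birth_year"] // 10) * 10
    return {"birth_decade": f"{decade}s", "city": record["city"]}


def store_in_production(record: dict, vault: TokenVault) -> dict:
    """The row the production database holds: the phone number is replaced by
    a token, so a dump of this table exposes no phone number."""
    row = dict(record)
    row["phone"] = vault.tokenize(record["phone"])
    return row


if __name__ == "__main__":
    vault = TokenVault()
    row = store_in_production(CUSTOMER, vault)
    print("production row:", row)
    print("detokenized via vault:", vault.detokenize(row["phone"]))
    print("pseudonym:", pseudonymize(CUSTOMER["phone"], b"constructed-key"))
    print("anonymized:", anonymize(CUSTOMER))
```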
  • 15. Information Security Complexity – Reference Architecture Technical Aspects Source: https://www.opensecurityarchitecture.org/cms/library/patternlandscape
  • 16. Information Security Complexity - Example Technical Aspects Source: https://gallery.technet.microsoft.com/Cybersecurity-Reference-883fb54c
  • 17. From Simply Managing Identities to Managing Complex Relationships Technical Aspects – Identity & Access Management Identity Access Management Identity Relationship Management Source: Forrester Research
  • 18. Simplifying the complexity Technical Aspects – Identity & Access Management Authoritative/Trusted Source Middleware / Identity Management Solution Target System HR Data IDM Solution Active Directory Email Server ERP Others Applications Provisioning Reconciliation Create,Update,Revoke
  • 19. Access Management Basic Process Technical Aspects – Identity & Access Management Receive Request Verification Provide Rights Log and Track Access ▪ Change requests ▪ Services requests ▪ HR requests ▪ App / Script requests ▪ Valid user ? ▪ Valid request ? ▪ Request access ? ▪ Remove access ? ▪ Provide access ▪ Remove access ▪ Restrict access ▪ Check and monitor identity status ▪ Violations to Incident Management Process Business Rules, Policies, Procedures, Controls ISMS
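An added example, not from the deck, of the provisioning and reconciliation flow on slide 18 and the receive / verify / provide rights / log process on slide 19: an HR source is treated as authoritative, a target system is reconciled against it (leavers revoked, orphan accounts flagged for incident management), and an access request is verified against identity status and a role rule before it is applied and logged. The HR records, ERP entitlements and role rule are constructed assumptions.

```python
"""Added example (not from the slide deck): HR-driven reconciliation of a
target system plus a verified, logged access request. All data is constructed."""
import logging

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("iam")

# Constructed authoritative HR source: employee id -> status and job role.
HR = {
    "E100": {"status": "active", "role": "finance"},
    "E101": {"status": "active", "role": "engineering"},
    "E102": {"status": "terminated", "role": "finance"},
}
# Constructed target system (an ERP): account -> set of entitlements.
ERP = {"E100": {"ap_view"}, "E102": {"ap_view", "ap_approve"},
       "svc_old": {"ap_view"}}
# Business rule: which roles may hold which ERP entitlement.
ROLE_ENTITLEMENTS = {"finance": {"ap_view", "ap_approve"}, "engineering": set()}


def reconcile(hr: dict, target: dict) -> dict:
    """Compare target accounts with HR: revoke accounts of leavers and flag
    accounts with no HR identity (orphans) for the incident process."""
    result = {"revoked": [], "orphans": []}
    for account in list(target):
        identity = hr.get(account)
        if identity is None:
            result["orphans"].append(account)   # no owner: violation
            log.warning("orphan account %s -> incident management", account)
        elif identity["status"] != "active":
            result["revoked"].append(account)
            del target[account]                 # revoke all access
            log.info("revoked all access for leaver %s", account)
    return result


def handle_request(hr: dict, target: dict, request: dict) -> str:
    """Receive -> verify -> provide/remove rights -> log. Returns the outcome:
    'applied', 'denied' (fails business rule) or 'violation' (invalid user)."""
    user, action, ent = request["user"], request["action"], request["entitlement"]
    identity = hr.get(user)
    if identity is None or identity["status"] != "active":      # valid user?
        log.warning("violation: %s %s for unknown/inactive user %s", action, ent, user)
        return "violation"
    if action == "grant":
        if ent not in ROLE_ENTITLEMENTS[identity["role"]]:      # valid request?
            log.warning("denied: %s not permitted for role %s", ent, identity["role"])
            return "denied"
        target.setdefault(user, set()).add(ent)
    elif action == "revoke":
        target.get(user, set()).discard(ent)
    else:
        return "denied"
    log.info("%s %s for %s", action, ent, user)                  # log and track
    return "applied"


if __name__ == "__main__":
    erp = {k: set(v) for k, v in ERP.items()}
    print(reconcile(HR, erp))
    print(handle_request(HR, erp, {"user": "E100", "action": "grant",
                                   "entitlement": "ap_approve"}), erp)
```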
  • 20. Data Loss/Leakage Prevention Solution Technical Aspects – Data Loss Prevention A Data Loss Prevention (DLP) solution typically incorporates people, process, and technology to protect sensitive data traversing throughout an organization. Data within an organization is often categorized and protected by DLP in the following three different forms:
    ▪ Data in Motion: data that is transmitted or moved, through electronic or non-electronic means; data that is actively traveling on a network, such as email or web traffic.
    ▪ Data at Rest: data that resides on a stable medium, including servers, network shares, databases, individual computers, and portable media.
    ▪ Data in Use: data that has been obtained and is being processed or actively used; typically data on an end-user computing device or host system.
    Data Type: ▪ Structured Data: data commonly stored in databases or applications ▪ Unstructured Data: exists in filesystems or documents ▪ Semi-structured Data: examples of such data formats include email
  • 21. Incident Management Definition Technical Aspects – Incident Management What is an IT incident? An IT incident is any disruption to an organization's IT services that affects anything from a single user to the entire business. In short, an incident is anything that interrupts business continuity. What is IT incident management? Incident management is the process of managing IT service disruptions and restoring services within agreed service level agreements (SLAs). The scope of incident management starts with an end user reporting an issue and ends with a service desk team member resolving that issue. Incident Escalation: Layer 1 (L1) Analyst, Layer 2 (L2) Incident Responder, Layer 3 (L3) Digital Forensic. Incident Classification: High, Medium, Low. Incident Prioritization: Critical, High, Medium, Low.
  • 23. Implement Cyber Hygiene as Foundational Action Key Takeaways What is Cyber Hygiene? Cyber hygiene refers to steps taken by users to maintain the health of their computers and devices and improve online security to prevent the theft or corruption of data. Cyber Hygiene Practices 1. Keep an inventory of the hardware and software on your network 2. Install reputable antivirus and anti-malware software 3. Conduct cybersecurity education and awareness activities 4. Update and patch software regularly 5. Regularly back up your data and keep multiple copies 6. Limit the number of employees who have administrative privileges 7. Establish an incident response plan 8. Establish network security and monitoring 9. Perform regular vulnerability assessment and secure configuration review 10. Implement controls to protect and recover data if a breach occurs. Keep up to date with regulation and cyber threats.
  • 24. Cyber Hygiene in Public Environment Key Takeaways Check Legitimate WIFI ID/SSID Be careful with piggyback/tailgating Don’t click malicious pop-up and URL Use VPN (if possible)
  • 25. Staying Safe when Online Key Takeaways Use secured personal device Activate pop-up/Ad blocker Activate private / incognito mode Use VPN (if possible) Use strong/complex password Make Online Purchases From Secure Sites Be Careful on What You Access & Download
  • 26. Thank You ☺ https://medium.com/@proferyk https://www.slideshare.net/proferyk IT Advisory & Risk (t.me/itadvindonesia) Data Privacy & Protection (t.me/dataprivid) Komunitas Data Privacy & Protection (t.me/dataprotectionid)