The Top 10  Most Difficult Countries for Identity Verification

The Top 10  Most Difficult Countries for Identity Verification

Download Report

    n-img-roi-cross

    Before You Go, Schedule Your Free Demo Today

    Valid Invalid number


    Note: Fields marked with an asterisk(*) are mandatory.

    n-exit-img-roi-cross

    Thank you for your demo request

    We appreciate your interest and look forward to discussing how our solution can meet your needs. Expect to hear from us shortly with scheduling details.

    Close

    us

    54.225.199.17

    Indonesia’s First-ever Comprehensive Law on Data Privacy – the PDP Bill

    sp infographic 26th july 2021-02

    Being the largest economy in Southeast Asia, Indonesia is experiencing enormous growth in the digital ecosystem. By 2020, the country had 338.2 million mobile connections, 175.4 million internet users, and 160.0 million social media users. However, this growth has introduced challenges for ensuring personal data protection (PDP). 

    With personal data leaks, data thefts, and ID fraud becoming a recurring problem, the Indonesian government submitted the PDP Draft Bill to the Chairperson of the Indonesian House of Representatives in 2020. The bill is set to become law later this year, introducing key updates such as data transfer rules, ownership rights, data processing guidance and much more. This blog will shed a light on the highlights of the PDP bill. 

    Why is the Indonesian PDP Law Important? 

    While there are several personal data protection laws existing in the country, they remain scattered under various regulations. The main point of reference for data protection is the Law on Electronic Information and Transactions in Indonesia. The PDP law will become the first Indonesian law that includes specific, comprehensive guidance regarding the protection of personal data via both, electronic and non-electronic systems. 

    Secondly, it should be noted that the legislation is based on the EU’s General Data Protection Regulation (GDPR). This means that businesses and consumers within Indonesia will be subject to the same data rights and processing procedures as the EU.  

    Who Does it Apply to?

    The Personal Data Protection law will be applicable to all business entities that deal with the personal data of Indonesian citizens, regardless of their geographical location. These business entities can fall in either category, private or public sector, whether located aboard or within Indonesia. The primary aim of the law is to protect all sensitive information being processed manually or digitally by individuals or corporations. 

    Key Takeaways of the PDP Law

    Indonesia’s updated data protection bill will soon be introducing changes to revamp the country’s data privacy rules. Here is a brief summary of the PDP law.

    sp infographic 26th july 2021-01-01-01

    1- Personal Data Definition and Categories

    The definition of personal data mirrors the definition provided by the EU’s General Data Protection Regulation. Additionally, the type of data has been subdivided into two main categories; general and specific.

    • General Personal Data: This includes data such as an individual’s full name, age, religion, and citizenship ​which is collected for the purpose of identity verification.
    • Specific Personal Data: This type of data includes financial information, healthcare data, biometric information, genetic data, life/sexual orientation, political stance, criminal records, child data, and so on. 

    2- Rights of Personal Data Owners

    While the rights of personal data owners were not explicitly explained previously, the updated draft outlines eleven rights, similar to the ones mentioned under the GDPR. This includes the right to terminate the processing of personal data, deletion of personal data, the right to sue and receive compensation over data privacy violations, and much more. 

    3- Identification of Key Roles

    The PDP law separates the roles of “data controller” and “data processor”. 

    • Personal Data Controller (PDC): This is the party responsible for determining the purpose of collecting data, processing the personal data, and defining its retention period. Before data processing begins, the PDC is required to obtain consent from the Personal Data Owner, either in written or recorded form. 
    • Personal Data Processor (PDPr): This party processes the information collected on the behalf of the data controller. 

    4- Appointment of a Data Protection Officer

    To ensure that the data collected is being used for public service, both the PDC and PDPr are required to appoint a data protection officer. In addition to this, the data protection officer will also be responsible for ensuring the PDC implements activities for regular monitoring of personal data and the processing of large-scale personal data related to criminal offences.

    5- Transfer of Personal Data 

    The transfer of personal data between two PDCs have been permitted, provided that the consent has been obtained from the personal data owner and the transfer is done in accordance with the PDP Bill. For transferring data outside Indonesia, two requirements need to be met. Firstly, the receiving country must have a law equivalent to, or higher than the PDP bill. Secondly, there must be a treaty between the receiving country and Indonesia. 

    6- Administrative and Criminal Sanctions

    Two types of sanctions have been introduced for parties that fail to comply with the PDP Bill. These include the following:

    • Administrative Sanctions:  forms: a written warning, temporary halt of processing personal data, deletion or destruction of personal data, compensation, and administrative fines. 
    • Criminal Sanctions: Misconduct of personal data privacy can lead to imprisonment for up to seven years and confiscation of assets, on top of fines up to 70 Billion IDR (US$4.8 million). 

    How To Maintain Compliance with the Personal Data Protection Bill 

    To stay compliant with the PDP bill, entities will be given two years to implement necessary policies and procedures. The following action plans can be implemented to stay compliant.

    • Review the current data protection procedures to ensure end-to-end data protection
    • Review current contracts/consent with customers to include all the necessary clauses, such as the data owner’s rights, data transfer regulations, obligations when processing personal data, etc. 
    • Assess the business processes to ascertain the implementation of adequate procedures
    • Ascertain proper implementation of PDP law by third parties to secure the collection and processing of personal data
    • Invest in RegTech technologies and software to streamline compliance with regulatory requirements by automating compliance procedures 

    Summing it up

    The GDPR-influenced Personal Data Protection Bill is soon to be introduced this year and is set to become Indonesia’s first comprehensive law on data privacy. This is a step in the right direction, given the vast crimes committed through breach of confidential data. By acknowledging the rights of the stakeholders involved, introducing precise sets of definitions, and presenting non-compliance penalties, the PDP bill is on its way to becoming one of the strongest data privacy laws among the fourteen Asian countries which currently have such laws in place. 

    Need more information? Talk to our experts!

    Related Posts

    Blog

    Smart Growth in Uncertain Times: Powered By Shufti

    Just five years ago at the onset of the COVID-19 pandemic, the global economy was struck by the h...

    Smart Growth in Uncertain Times: Powered By Shufti Explore More

    Blog

    AI Document Verification 2025

    Why This Matters in 2025 Digital onboarding is booming, but so is document fraud. The global iden...

    AI Document Verification 2025 Explore More

    Blog

    How to Combat Document Forgery in 2025 and Beyond

    Why This Update Matters Digital document forgery is no longer a fringe threat it strikes every fi...

    How to Combat Document Forgery in 2025 and Beyond Explore More

    Blog

    Age Verification Laws & Regulations Worldwide: 2025 Update

    Introduction Online platforms now face unprecedented pressure to prove users’ ages. From preventi...

    Age Verification Laws & Regulations Worldwide: 2025 Update Explore More

    Blog

    Expanding the UX Lens with Lisa Kleinman

    Creating a UX experience can feel like a paradox: users are more diverse than ever, yet they expe...

    Expanding the UX Lens with Lisa Kleinman Explore More

    Blog

    Inside Innovation at Shufti: Visual Heatmaps That Help Instantly Spot Document Tampering 

    In the complex landscape of identity fraud, the smallest details can make the biggest difference....

    Inside Innovation at Shufti: Visual Heatmaps That Help Instantly Spot Document Tampering  Explore More

    Blog

    Verifying identity in India

    Verifying identity in India Explore More

    Blog

    From Abandoned Carts to Loyal Customers: Rethinking the Onboarding Experience

    Website abandonment is a silent revenue killer for online businesses. Whether it’s an unfin...

    From Abandoned Carts to Loyal Customers: Rethinking the Onboarding Experience Explore More

    Blog

    Smart Growth in Uncertain Times: Powered By Shufti

    Just five years ago at the onset of the COVID-19 pandemic, the global economy was struck by the h...

    Smart Growth in Uncertain Times: Powered By Shufti Explore More

    Blog

    AI Document Verification 2025

    Why This Matters in 2025 Digital onboarding is booming, but so is document fraud. The global iden...

    AI Document Verification 2025 Explore More

    Blog

    How to Combat Document Forgery in 2025 and Beyond

    Why This Update Matters Digital document forgery is no longer a fringe threat it strikes every fi...

    How to Combat Document Forgery in 2025 and Beyond Explore More

    Blog

    Age Verification Laws & Regulations Worldwide: 2025 Update

    Introduction Online platforms now face unprecedented pressure to prove users’ ages. From preventi...

    Age Verification Laws & Regulations Worldwide: 2025 Update Explore More

    Blog

    Expanding the UX Lens with Lisa Kleinman

    Creating a UX experience can feel like a paradox: users are more diverse than ever, yet they expe...

    Expanding the UX Lens with Lisa Kleinman Explore More

    Blog

    Inside Innovation at Shufti: Visual Heatmaps That Help Instantly Spot Document Tampering 

    In the complex landscape of identity fraud, the smallest details can make the biggest difference....

    Inside Innovation at Shufti: Visual Heatmaps That Help Instantly Spot Document Tampering  Explore More

    Blog

    Verifying identity in India

    Verifying identity in India Explore More

    Blog

    From Abandoned Carts to Loyal Customers: Rethinking the Onboarding Experience

    Website abandonment is a silent revenue killer for online businesses. Whether it’s an unfin...

    From Abandoned Carts to Loyal Customers: Rethinking the Onboarding Experience Explore More

    Take the next steps to better security.

    Contact us

    Get in touch with our experts. We'll help you find the perfect solution for your compliance and security needs.

    Contact us

    Request demo

    Get free access to our platform and try our products today.

    Get started