Navigating Personal Data Protection in Indonesia: Insights from Indonesia AirAsia's ICT Head
Indonesia is gearing up for the enforcement of Personal Data Protection (PDP) regulation in October, organisations across the nation are working hard to ensure compliance.
Corinium’s Eleen Meleng recently spoke with Indra Sabar Adillah, Head of ICT at Indonesia AirAsia, to understand the challenges and strategies surrounding PDP implementation. His insights shed light on the broader landscape of data protection and the steps organisations must take to safeguard personal data.
Getting Management on Board
One of the biggest hurdles Adillah highlighted is getting management buy-in for PDP initiatives. While there's a general understanding of cybersecurity concepts, convincing management at both the group and local levels of the tangible impact and necessity of PDP measures remains a struggle. "The concept of cybersecurity is understood but translating that understanding into actionable commitment and resources for PDP initiatives is challenging," Adillah explained. This disconnect underscores the need for clear communication and education to bridge the gap between understanding and action.
Uncertainty in Implementation and Compliance
With the PDP regulation's enforcement date looming, organisations are faced with the daunting task of ensuring compliance. Adillah expressed concern about the current visibility of compliance status and the readiness of systems to meet the new regulations. "There's a significant level of uncertainty regarding our preparedness. We need thorough testing and collaboration with solution providers to ensure we meet the regulatory requirements," he said. This sentiment resonates across industries in Indonesia, highlighting the widespread need for comprehensive readiness assessments and proactive measures to achieve compliance.
Shared Challenges Across Industries
The difficulties faced by Indonesia AirAsia in implementing PDP are not unique. Adillah noted that similar challenges are prevalent across various industries in the country. Many organizations are still grappling with the necessary adjustments and implementations to comply with the PDP Act. This shared struggle emphasizes the need for industry-wide collaboration and knowledge sharing to navigate the complexities of PDP compliance effectively.
Preparing for Enforcement: Potential Repercussions
As the enforcement of the PDP regulation approaches, the potential repercussions of non-compliance loom large. Adillah expressed worry about the consequences, including public exposure and embarrassment for companies failing to comply. "There's a fear of non-compliance leading to public embarrassment. This situation is exacerbated by the cultural mentality towards breaches and the existing gaps in preparedness and response strategies," he cautioned. This highlights the urgency for organisations to prioritize PDP compliance, not only to avoid penalties but also to protect their reputations and build trust with stakeholders.
A Call to Action
Implementing Personal Data Protection in Indonesia is a critical step toward enhancing data security and privacy. However, as Adillah's insights reveal, achieving compliance is fraught with challenges that require concerted effort and collaboration. For information security, data analytics, and industry leaders, the path forward involves securing management buy-in, conducting thorough readiness assessments, and fostering a culture of proactive compliance.
As we move toward the enforcement of the PDP regulation, it is imperative for organisations to take decisive action. By addressing these challenges head-on and leveraging industry knowledge, companies can navigate the complexities of PDP implementation and ensure they are well-prepared to safeguard personal data in this new regulatory landscape.
If you have a story to tell about information security or cybersecurity in Indonesia, we would like to hear from you! Join us at CISO Indonesia 2024 by getting in touch with Eleen Meleng.