A lot of people have been realizing that privacy is important therefore data security awareness has been supported by Indonesian Government. The government decided to impose fines with a maximum and minimum nominal for companies that leak user personal data.
The Institute for Policy Research and Advocacy (ELSAM) said that this decision was made on consideration of the many startup companies in Indonesia that had not yet made a profit. It is an open secret that the newly developed startups in Indonesia have not yet produced money. They only use money from investors or burn money.
Fines on social media or electronic platforms are contained in the Draft Law on Personal Data Protection (PDP). This penalty is imposed on companies that violate PDP rules, especially those that cause personal data leakage and poor data security awareness. The PDP bill follows the General Data Protection Regulations (GDPR) that applies in the European Union.
GDPR regulates fines of up to four percent of total global income. Of course this fine will be less optimal because there are still many startup companies in Indonesia that have not yet benefited. Therefore, adjustments to the GDPR fine are used in Indonesia.
How We Can be Critical with Our Data
The GDPR is fine, from 2 percent to 4 percent of the company’s gross profit. Then it becomes difficult to determine what the profits will be when all the money spent is investment money for investors. Therefore in the design, the fine will be in the form of minimum and maximum values that will be imposed on the company.
As currently in Indonesia startup companies have not made a profit and burned money to provide promotions and discounts. If there is a failure in the protection of personal data or data security awareness, the mechanism will be used with a fixed fine mechanism. For example, the amount is IDR 200 million, IDR 400 million or IDR 1 billion.
We are supposed to be critical with your data possession. As mentioned by The Ministry of Communication and Information that the public needs to be critical when they have to provide personal data, we must know the purpose of the company asking for personal data so that we can support data security awareness.
Companies Should Ask Consent
When it comes to the companies, every company must also ask for consent to the user from the beginning when they want to request personal data. The company must explain the purpose of taking personal data. Socialization must be given because the data is given by the community.
So data security awareness must be critical. You must be able to think why borrowing applicators should request contact data. Personal data is a right that must be safeguarded. Do not want to share data, do not let there be new problems to the government.
It is recommended that users do not provide personal data in the form of telephone numbers because they have violated privacy. Someone should not provide other people’s personal data. Usually other people’s personal data is used as emergency contacts. If he asks for a contact profile, he must also contact other people.
That is not allowed unless he asks for permission first. All companies must be as transparent as possible when they want to suck up data. Companies are required to ask users for permission to retrieve data and provide reasons to retrieve the data to support data security awareness.