Author:
Algamar Muhammad Deckri,Ismail Noriswadi
Abstract
The enactment of the Indonesian Personal Data Protection (PDP) Law is in line with the nation’s position as the most promising digital economy in Southeast Asia. The PDP Law, amongst others, introduces Data Subject Access Request (DSAR), a cornerstone mechanism to exercise data subject rights mirroring the European Union General Data Protection Regulation (GDPR). However, major causes of DSAR failure are predominantly triggered by resource constraint, lack of fundamental understanding, and technical gap when responding to such requests. In practice, DSAR management is time consuming and taxing since organisations shall manage numerous and complex requests within a tight timeline. By way of comparative analysis, we explore the concept of data subject rights, specifically the Rights to Access. Through observations and constructive responses by global data protection professionals, academics and non-lawyers, this paper alluded that similar failure scenario might occur in Indonesia when PDP Law grace period ended in 2024 – if the causes are not addressed and mitigated. Apropos, in safeguarding data subjects’ right, we assert that DSAR under the PDP law might bring disproportionate impracticality, hence there is demand for a robust consultation and holistic regulatory implementation. We also propose to consider a harmonized DSAR ASEAN framework for future proofing cross-border payment, in 2024 and beyond.
Publisher
Bank Indonesia, Central Banking Research Department
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献