Indonesia has progressively tightened its data protection laws in recent years, with a large focus on the financial services sector. According to one executive DCD spoke to last year, new regulations on the use of data are “very detailed”.

And though Indonesia’s Internet penetration of 50 percent lags slightly behind the average of 58 percent in Southeast Asia, its hefty population of more than 260 million gives it the largest base of Internet users in the region. Given how data centers are traditional custodians of digital data, this obviously impacts the rapidly expanding data center sector in the country.

Local banks

As we reported previously, some data centers and service providers were caught off guard by the implementation of Government Regulation 82 in 2012 (PP82/2012), which ruled that Indonesians’ financial data should be housed within Indonesia. Additional guidelines stipulated in 38/POJK.03/2016 meant that the Financial Services Authority must be kept appraised of providers and given them the ability to audit service providers directly.

For local banks, this means that any reliance on cloud services overseas will have to be re-evaluated, while overseas data centers will have to be redeployed within Indonesia. But in a country where affordable land makes it relatively trivial to build one’s own data center, the stringent requirements also served as an implicit nod towards outsourced data centers that meet higher standards.

Despite the work involved, compliance by local banks remains a matter of proper planning and implementation. But what do these data protection regulations mean for foreign banks operating in Indonesia? Won’t the need to adhere to the rules be onerous for financial institutions with a presence in multiple countries – and indirectly harm investments into the country?

Foreign banks

Foreign banks typically adopt the same set of controls that are adopted in their home country, observed Frenky Tjioe. He currently heads up information security governance and compliance at the largest e-commerce company in Southeast Asia.

Tjioe, who will be making a presentation at the upcoming DCD>Indonesia conference to be held in Jakarta next month, was drawing on his experience working at various Indonesian banks in the past. But how would these foreign financial institutions ensure that they comply with the data protection regulations in Indonesia?

One possibility may be to delineate the type of data that falls within the remit of the various data protection regulations. This will offer these organizations greater clarity and give them a way to more easily comply with the regulations and continue operating in Indonesia.

Regardless, financial institutions can expect the data protection regulations to eventually be strongly enforced across the board, says Andreuw Th.A.F, the CEO of Telin Singapore. Andreuw was the director of business data center at telkomsigma, a wholly owned subsidiary of Telkom Indonesia, prior to his posting to Singapore. Speaking to DCD, he expressed confidence that the regulations will be implemented in a way that will not alienate investors in Indonesia.

The road ahead

While it may take some time yet for the regulations to percolate across the financial institutions in the country, there are signs that the increased importance of data is slowly but surely changing how data is stored and protected in the region’s most populous country.

Tjioe observed that industry players in developed countries tend to adopt best practices before the regulators do, while the mentality in others is to wait for the government “to lead”.

“However, I see the increasing trend that players in Indonesia are keen with best practices to attract businesses beyond just regulatory requirements, whether in access control, physical security, network security, IT operations security, [and] auditing standards,” he said.

“[I see an increase in investment] in the form of training both the in-house experts and end users, as well as investing in adoption of the tools and practices.”

What’s Next? Join us at DCD>Indonesia.

Join 500 key contributors across the IT stack at The Ritz-Carlton (Mega Kuningan), Jakarta on April 5 to hear from 30 thought leaders on how to leverage the power of next-gen data centers and cloud infrastructure in response to increasing storage requirements with rapidly rising data consumption rates. Featuring speakers from Southeast Asia’s largest e-commerce company, Berrykitchen.com, University of Indonesia and more.

DCD events operate on a ‘free-to-attend, by invitation’ model for qualified end-user business executives, managers and technical professionals directly engaged with IT, data center and cloud infrastructure. If your company operates its own on/off premise data center(s), or if you are a significant end-user of data center and cloud services and are involved in technology planning, procurement, implementation, and operations, then you may qualify. Click here to find out which pass you qualify for and register for the conference.

For further enquiries, please contact us at apacteam@datacenterdynamics.com

Data protection in Indonesia

Local banks

Foreign banks

The road ahead

Tags

The make vs. buy decision for data center infrastructure management software – A clear choice

2023 Data Center Market Trends: Hong Kong Asia's Connectivity Hub

Emerging Energy Storage Technologies

Success story: Kao Data and Cadence