Reviewing the Portability of Personal Data

Law Number 27 of 2022 concerning Protection of Personal Data or the PDP Law which was passed on 21 Sept. 2022 has become a strong legal basis for personal-data protection. The PDP Law defines three main parties in the context of personal-data protection. First, the subject of personal data as a person to whom personal data is attached. Second, the personal data controller as a party acting in determining the purpose and exercising control over the processing of personal data. Third, the personal-data processor is the party that processes personal data on behalf of the personal-data controller.

As an illustration, if we are customers of a bank, we are the subject of personal data, while the bank is the controller of personal data. If the bank appoints another party to help process personal data, that party becomes the personal-data processor.