UU Personal Data Protection and ISO/IEC Standard Consultation 27701:2019

Organizations that actively gather and manage sensitive data may need to make adjustments due to the publication of legislation on personal data protection. The ISO/IEC 27701:2019 standard is an organized set of instructions for managing privacy information for a company with a global reputation.

ISO/IEC 27701:2019 standard is an extension of ISO/IEC 27001:2022 regarding information security systems. A basic explanation of the evaluation of a company’s infrastructure controls in security, privacy/data protection, and business continuity standards may be found in ISO/IEC 27701:2019. According to ISO standards and best practices, we might need to implement a new solution.

Why We Need Implementing ISO/IEC 27701:2019?

Target Industry

Those sectors are required to ensure the security of data that is regularly managed for business purposes, and this is further encouraged by the existence of several Indonesian regulations that demand ISO/IEC 27001:2022 certification (for instance, the Minister of Communication and Informatics, POJK, PBI, and Government Regulations of the Republic of Indonesia).


As a regulatory provider


Industries subject to Indonesian rules whereby they apply ISO/IEC 27001:2022


Securing patient data


KOMINKO ministerial regulation No.12 of 2016


KOMINKO ministerial regulation No.36 of 2014


Organization that accredited to ISO 27001:2013

ISO/IEC 27701:2019 Implementation Requirements + UU Personal Data Protection

Organizations must design, develop, and implement an ISMS in line with pertinent national and international standards and legislation, such as the UU Personal Data Protection, in order to comply with ISO/IEC 27701:2019. Prior to being able to comply with privacy information management regulations, enterprises must first establish compliance with the ISMS standard ISO 27001:2013.

The good news is that firms that are already in compliance with ISO/IEC 27001:2013 will only need to perform a few more activities. This also contains a second risk analysis that takes additional measures into account.


Do you have additional questions?

The issuance of regulations on Personal Data Protection is mandatory for companies to protect and manage personal data.

This standard begins to need to be implemented to comply with the UU Personal Data Protection which was passed on October 17, 2022.

-First Assessment
-Management Commitment
-Implementation Team Development
-Scope Determination
-Determination of Information Security Policy and Objectives
-Risk Identification
-Protection and Risk Reduction
-Development and Implementation of Controls
-Awareness and Training
-Internal Auditing
-Performance Monitoring and Measurement
-External Audit and Certification
-Continuous Maintenance and Improvement: Continuously maintain and repair the ISMS in accordance with changes in the organization and business environment.

Depending on the requirements of the business, at least four months for implementation

Contact Us

Contact Us

What happens next?

Roni Sulistyo Sutrisno

Andrianto Moeljono

Erma Rosalina

Andriyanto Suharmei

Ajeng Diana Dewi Mursyidi


    Pendaftaran Komunitas

    Contact Us