Governance & Risk Management , Privacy , Standards, Regulations & Compliance

Leveraging Frameworks for Effective Data Protection

Experts From Indonesia Share Best Practices to Meet Privacy Requirements
Indra Adillah, Air Asia; Farly Halim, Sodexo; and Andang Nugroho, ISC2 Jakarta Chapter

Indonesian data protection experts recommend understanding the types of personal data collected and their purpose, and they urge companies to leverage established frameworks such as NIST and ISO 27701. Farly Halim, CISO for Asia, Middle East and Africa at Sodexo; Andang Nugroho, president of the ISC2 Jakarta Chapter; and Indra Adillah, head of ICT at Air Asia Indonesia; emphasized the need to align these frameworks with the regulations of each country.

See Also: The Biggest & Boldest Data Breaches & Insider Threats of 2023

"We should not reinvent the wheel because there are many working well-established frameworks out there. For example - NIST privacy framework, ISO 27701. We can use the existing framework available," Halim said.

"However, it is not simply picking the framework and applying it to your organization. One should know the regulations of the country [you're] operating in," he said.

Andang said the first step every company must take is to identify the kinds of personal data it has and for what purpose the data is being collected. "It is important to remove the data once the purpose is fulfilled," he said.

In this video interview with the Information Security Media Group, Halim, Nugroho and Adillah discussed:

  • Best practices organizations can follow to meet privacy requirements;
  • How AI can help meet support compliance;
  • How to establish a culture of accountability for data handling.

Halim has more than 12 years of experience in technology and cybersecurity. Before joining Sodexo, he served as information security lead at AXA Group in Indonesia.

Adillah is a cybersecurity enthusiast who has a history of improving security procedures and successfully carrying out revolutionary projects.

Nugroho has more than 20 years of experience in information technology in Indonesia, with a specific focus and interest in cybersecurity. He holds CISSP and CCSP certifications from ISC2 and is an authorized trainer for both. He has experience in IT transformation and security in a variety of industries including banking, insurance, capital markets, and oil and gas.

About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.