Leveraging Frameworks for Effective Data Protection
Experts From Indonesia Share Best Practices to Meet Privacy Requirements
Indonesian data protection experts recommend understanding the types of personal data collected and their purpose, and they urge companies to leverage established frameworks such as NIST and ISO 27701. Farly Halim, CISO for Asia, Middle East and Africa at Sodexo; Andang Nugroho, president of the ISC2 Jakarta Chapter; and Indra Adillah, head of ICT at Air Asia Indonesia, emphasized the need to align these frameworks with the regulations of each country.
"We should not reinvent the wheel because there are many working well-established frameworks out there. For example - NIST privacy framework, ISO 27701. We can use the existing framework available," Halim said.
"However, it is not simply picking the framework and applying it to your organization. One should know the regulations of the country [you're] operating in," he said.
Andang said the first step every company must take is to identify the kinds of personal data it has and for what purpose the data is being collected. "It is important to remove the data once the purpose is fulfilled," he said.
In this video interview with the Information Security Media Group, Halim, Nugroho and Adillah discussed:
- Best practices organizations can follow to meet privacy requirements;
- How AI can help support compliance;
- How to establish a culture of accountability for data handling.
Halim has more than 12 years of experience in technology and cybersecurity. Before joining Sodexo, he served as information security lead at AXA Group in Indonesia.
Adillah is a cybersecurity enthusiast who has a history of improving security procedures and successfully carrying out revolutionary projects.
Nugroho has more than 20 years of experience in information technology in Indonesia, with a specific focus and interest in cybersecurity. He holds CISSP and CCSP certifications from ISC2 and is an authorized trainer for both. He has experience in IT transformation and security in a variety of industries including banking, insurance, capital markets, and oil and gas.