Data Security & Customer Protection
We are committed to maintaining the highest standards of data security and privacy, and we will continue to review and update our policies and practices across all business lines and subsidiaries as necessary to ensure our customers' information is handled in a safe and secure manner.
Supervision of Personal Data Protection Management
The Board's commitment to fulfilling compliance functions with applicable regulations is manifested by forming a PDP steering committee consisting of the Compliance Director, Human Resources Director, Risk Management Director, and Information Technology Director, which functions to develop strategies and determine steps to fulfill obligations stipulated in the PDP Law.
Process of Implementing Personal Data Protection
Bank Mandiri implements customer protection regulations for all financial products, whether through branch or digital account openings. The bank prioritizes transparency in data usage for banking transactions and adheres to relevant data security regulations. Additionally, in digital transactions, Bank Mandiri provides a dual authentication process using face recognition and biometric systems to ensure enhanced security. Bank Mandiri employs Data Loss Prevention (DLP) solutions across all its products to mitigate the risk of cyber threats to customers' personal data. The bank consistently updates its security regulations in accordance with best practices, relevant regulations, and current trends.
During the reporting period, Bank Mandiri conducted internal reviews and issued a Risk Formation assessment. The Director of Information Technology is tasked with developing strategies and defining measures to fulfill obligations stipulated in the Personal Data Protection (PDP) Law. This includes appointing PDP officials/officers, providing a Record of Processing Activity, and conducting Data Protection Impact Assessments. The bank has initiated programs encompassing metadata management, data quality updates and enhancements, adaptation to regulations, and readiness for customer requirement adjustments. Additionally, the company offered training for implementing personal data protection through online and in-person courses organized by Mandiri University Group.
To bolster the enforcement of personal data protection in compliance with the PDP Law, Bank Mandiri revised its policies in 2023, mandating the application of personal data protection principles to all services, products, and offerings provided to customers.
PERSONAL DATA PROTECTION POLICY
Currently, Bank Mandiri has refined the Data Management Standard Operating Procedure (SOP), governing the procedures for processing personal data, including arrangements for processing personal data in accordance with the purposes of use approved by customers, data retention periods, the process of receiving and/or sending data to external parties, as well as data deletion and destruction.
As a means of transparency for customers regarding the types of personal data collected and its processing, Bank Mandiri has published a privacy policy for customers within the Livin' by Mandiri application. This is aimed at providing assurance and comfort to Livin' users and includes detailed information about the handling of personal data, such as:
- The purpose of processing, including compliance with applicable regulations
- Guarantee of confidentiality and data security
- Types of personal data collected
- Rights and obligations of Livin' users
- Contact information
UPDATE AND ACCESS TO PERSONAL DATA
Bank Mandiri ensures that customers have the right to modify, add, complete, or delete their personal data in accordance with relevant regulations. Customers can access and update their personal information through branch offices, call centers, and the Livin' application. The bank also prioritizes customer comfort by employing masking processes for sensitive data and safeguarding against data leaks through the use of Data Loss Prevention (DLP) tools.
The bank follows the principle of minimizing requests for personal data in accordance with transaction requirements and regulatory compliance. It stores personal data according to relevant provisions and is dedicated to deleting data after the specified retention period, as necessitated by business needs and permitted by regulations. Additionally, the company refrains from acquiring personal data from any third party without the customer's consent and/or a valid agreement and/or in accordance with applicable provisions.
Control and Storage of Personal Data
Bank Mandiri is fully committed to preventing unauthorized or accidental access, processing, or deletion of data by any party. This commitment is upheld by implementing comprehensive data security management, encompassing asset management monitoring activities, protection of data transfers, and data destruction. The applied data security efforts include:
- Implementing a Data Classification mechanism to protect sensitive data from unauthorized access by individuals or parties.
- Implementing Data Loss Prevention (DLP) Tools across all bank IT assets that support business activities in preventing data or sensitive information loss.
- Integrating Secure File Sharing into data management technology across data collection, processing, storage, and transfer.
- Security awareness programs and risk awareness programs aimed at all employees to ensure the adequacy of data security and management quality.
- Performing backups, switch-overs, and disaster recovery exercises to ensure data resiliency and support business IT assets.