Overseeing the Culture and Digital Transformation that have been carried out since 2021, BRI further strengthens the role of Governance as the basis for developing and implementing the company’s business through increasing employee awareness, improving systems, and updating policies. Enhanced implementation of BRI’s Good Corporate Governance has received recognition from various parties so that BRI is ranked as the Most Trusted Company in Corporate Governance Perception Index from The Indonesian Institute for Corporate Governance.

Data Privacy & Data Management System

Cyber Security Framework

BRI has strengthened customer data security management by establishing a data privacy management function under Enterprise Data Management (EDM) Division. In accordance with Law Number 27 of 2022 on Protection of Personal Data (UU PDP), BRI has formulated policies and programs to improve data security and consumer privacy. The policies implemented throughout 2022 include:

1. Policy on Standardization, Classification and Data Security is regulated in Circular Letter Number 55- DIR/EDM/10 of 2022;
2. Personal Data Protection Policy is regulated in Circular Letter Number 55-DIR/EDM/10 of 2022;
3. Consent Management Policy is regulated in SO.91- EDM/12 of 2022; and
4. The Record of Processing Activities policy is regulated in SO.91-EDM/12 of 2022

In 2022, EDM Division organized several programs related to measures to boost privacy awareness for all BRI employees, including:

1. Privacy E-Learning Series
   BRI has published eight learning series related to practices to maintain privacy so that the culture of privacy can be understood in daily practices of BRI employees.
2. Privacy Podcast
   Collaboration between EDM Division and the Corporate University on July 27 2022 has successfully produced a podcast called “Kata Data- Data Privacy” on the BRISmart internal learning platform.
3. Dissemination and Internalization of Privacy Culture to Work Units across Indonesia
   This dissemination and the internalization have been carried out to regional offices throughout the country, followed by the participation of UKO. The activity was carried out in March 2022

In addition, regulations on personal data security in multiple countries are heavily influenced by the European Union General Data Protection Regulation (EU GDPR). These regulations have made BRI use the EU GDPR as a basic reference to adopt fundamental needs and build capability standards in personal data protection. BRI conducted an in-depth review of regulations in various countries as a reference for assessment. In implementing a number of data privacy programs, BRI refers to a framework with a focus on strengthening 8 (eight) areas, as follows:

*) Click to expand

BRI is very committed to improving the security of data information that we manage. We have implemented the principles in securing and managing customer data as outlined in various main company regulations.

*) Click to expand