Recommendations
Having in mind that the categories of personal data, the manner of processing of personal data and the scope of personal data for every collection has to be based on law the real practice is not in compliance with the LPDP. Namely, all previously mentioned is defined by a Rulebook and not by the Law on Health Insurance. Modification on the Law on Health Insurance should be done so that the categories of personal data, the manner of processing of personal data and the scope of personal data for every collection are defined by law.
Precise definition of the keeping period should be done in this law. Additional provision for the technical and organizational measures is needed.
Additional provision for the technical and organizational measures is needed not only for the internal procedures of the Pension and Disability Fund but as well for sharing data with other subjects.