Data Protection Officer (DPO) Charter
Last Updated: October 18, 2025
1. Purpose
This Charter defines the mandate and independence of the Data Protection Officer (DPO) appointed under the Digital Personal Data Protection Act 2023 and aligned with GDPR Articles 37–39.
2. Appointment & Position
The Board appoints a qualified individual with expertise in data privacy law and cyber-risk management. The DPO reports directly to senior management and cannot be dismissed for executing privacy duties.
3. Key Responsibilities
Monitor compliance with data-protection laws and internal policies.
Advise management on privacy impact assessments.
Serve as contact point for regulators and data subjects.
Oversee incident response and breach notifications.
Maintain records of processing activities (ROPA).
Train staff on privacy and information-security best practices.
4. Independence
The DPO acts without conflict of interest and cannot hold positions that determine data-processing purposes or means (e.g., Head of Marketing).
5. User Rights Handling
All requests for access, rectification, deletion, or withdrawal of consent are logged and processed under the DPO’s supervision within 30 days.
6. Reporting & Audit
Quarterly reports submitted to management summarize: incident metrics, training completion, and pending requests. Annual independent audits assess effectiveness.
7. Communication Channel
Users may reach the DPO via dpo@my99exch.id or through the /contact/ form. All inquiries receive acknowledgment within 72 hours.
8. Breach Notification Protocol
In the event of a personal-data breach:
Assessment within 24 hours.
Notification to authorities and affected users within 72 hours.
Remediation plan implemented and documented.
9. Resources & Training
The DPO is allocated adequate budget and tools to conduct audits and training independently without corporate interference.
10. Policy Review
The Charter is reviewed annually and updated to reflect changes in law or organizational structure.
Summary: Our DPO acts as an independent guardian of privacy rights, ensuring compliance and swift response to data requests or breaches.