5 Facts about the KTP Building Entry Procedure: Violating the Data Protection Law?

Is it true that the obligation to leave your ID card when entering a building violates the law? Check out 5 critical facts about KTP building entry procedures and potential violation of the Personal Data Protection Law. Don’t let your data be misused!

TechnonesiaID – In big cities, especially Jakarta, it is very common for visitors to be asked to leave an official ID card—such as an ID card, driver’s license, or student card—at the reception desk (front office) when you want to access an office building, apartment, or even certain public areas. Not only physical identification, visitors are often also required to be photographed or fill out digital forms containing sensitive information.

This practice is often considered standard security procedure. However, amidst the intensive implementation of Law Number 27 of 2022 concerning Personal Data Protection (UU PDP), a big question arises: is this practice in accordance with the data protection principles that apply in Indonesia?

Many experts believe that this excessive data collection obligation, if not clearly regulated, could be considered non-compliance with the PDP Law. Researcher from the Institute for Community Studies & Advocacy (ELSAM), Parasurama Pamungkas, even said that these steps could violate the principle of personal data protection.

Why ID Cards are Requested: Between Security and Privacy Risks

Building management usually argues that collecting identity data aims to improve security and make tracking easier (tracking) visitors if an undesirable incident occurs. They argue that by recording identities and withholding ID cards, they can ensure that only registered individuals enter sensitive areas.

However, on the other hand, KTPs contain very sensitive personal data. The Population Identification Number (NIK) in it is the key to various digital services, including opening a bank account, registering a SIM card, and accessing public services. When an ID card is left or photographed, the risk of data leakage and misuse becomes very high, especially if the data storage system in the building is not properly encrypted.

Then, how should it be KTP building entry procedures which is safe and legal? Here are 5 critical facts you should know regarding potential violation of the Personal Data Protection Law.

5 Critical Points for Violations of the Personal Data Protection Law

The PDP Law very strictly regulates how any party (as a Personal Data Controller) may collect, process and store individual data. Practices in buildings often do not meet these criteria.

1. Principle of Data Relevance in the KTP Building Entry Procedure

One of the main principles in the PDP Law is that the data collected must be relevant and limited to the stated purpose. ELSAM researchers highlight that collecting personal data that is not relevant to the activity of entering a tower or building is a violation.

What does building management really need for security? Only the name and purpose of visit. Detailed information such as NIK, date of birth, and complete address on the KTP are actually irrelevant for security purposes for short-term visits. If management insists on withholding or photographing ID cards, this could be considered a violation of the principle of relevance.

2. KTP: Sensitive Data That Should Not Be Withheld

Official identity cards such as KTPs are valid state documents. By law, people are not required to surrender or retain their KTP outside of official authorized institutions (for example, the police or immigration, and even under certain conditions). Leaving your ID card at the reception desk means you have handed over control of your sensitive data to a third party.

According to regulations, if identity needs to be verified, it is enough to show the KTP, then the officer can record the name and NIK (if really necessary) and immediately return the KTP.

3. Risks of Using Photos of Personal Data

Many buildings now require ID cards to be photographed or scanned. This process is much riskier than simply temporarily holding the physical card. When KTP data (including facial photos, full names, and NIK) is converted into digital files, the data is at risk:

• It is not deleted after the visit is completed.
• Stored on a server without adequate encryption.
• Easily accessible to unauthorized employees.

Taking identity or facial photos must be based on explicit consent (written or digital) from the data owner and must be clearly informed about the purpose of its use—in accordance with Article 20 of the PDP Law.

4. The Importance of a Legal Basis and Valid Consent

Every Personal Data Controller (in this case, building management) is required to have a valid legal basis before processing data. This legal basis can be in the form of agreement, legal obligations, or vital interests (Article 20 of the PDP Law).

In context KTP building entry proceduresif the reason is ‘security’, then management is obliged to prove that the procedure is the most minimalist way to achieve that security goal, and not just a one-sided policy that makes things easier for them.

Furthermore, consent from visitors must be given after providing clear and easy to understand information. Visitors should know: What data is captured? For what purpose? How long is it stored? And how to delete it?

5. Obligations of Building Managers after the PDP Law

Since the PDP Law was passed, the obligations of building managers are very large. Not only do they have to keep data from leaking, but they also have to ensure data integrity. If a data leak occurs (for example, visitor ID card photo data is stolen), the building manager could be subject to administrative sanctions up to a large fine.

Therefore, building managers must immediately revise their entry procedures to be in line with the PDP Law. A safer step is to use a temporary identity card (visitor badge) which is exchanged for a secondary identity such as a driver’s license or NPWP, or simply record the name and contact number, without withholding the original KTP.

Practical Solutions to Keep Data Safe

If you encounter a situation where your ID card is requested to be retained or photographed, there are several steps you can take to protect your data:

First, ask the purpose. Ask politely, “Are there any alternatives to leaving your KTP?” or “Will this KTP photo data be deleted after I leave?”

Second, offer a secondary identity. If they insist on withholding ID, offer an ID card that has a lower risk of leakage, such as a company employee card (if relevant) or driver’s license, rather than an ID card containing the vital NIK.

Third, cover your NIK when taking a photo. If the process of photographing the KTP is a mandatory procedure that cannot be avoided, use your finger or a small sticker to cover the NIK section before the KTP is photographed by the officer. This protects your primary identity number from digital misuse.

Conclusion

Although building security is a priority, the right to personal data protection is a fundamental right protected by law. The practice of having to leave your KTP or take a photo of your identity card without a strong legal basis and clear consent has the potential to violate the PDP Law.

It is important for building management to adapt immediately KTP building entry procedures them to comply with the standards of the PDP Law. For visitors, a critical and vigilant attitude towards the use of personal data is the key to avoiding data misuse in this digital era. Don’t let your sensitive data become an asset that is misused simply because of outdated security procedures.

---

Get the latest information about Gadgets, Electronics, Anime, Games, Tech and other Techno News every day through TechnoNesia social media. Follow us on: