JAKARTA — Indonesia’s tax directorate is assuring citizens that taxpayer data will remain secure despite a new regulation requiring financial institutions to share transaction information, including credit card data, with the government.
Director General of Taxes Bimo Wijayanto stated on Thursday, March 5, 2026, that the agency’s data management systems have undergone rigorous testing by multiple national agencies, emphasizing that data protection is a core principle of tax administration.
“We have completed a review of personal data protection with Komdigi, as well as with BSSN to review the sovereignty and security of our data and systems,” Wijayanto said during a media briefing at the directorate’s headquarters.
Wijayanto explained that the Directorate General of Taxes’ systems, including Coretax, have been subject to security and data protection reviews. Taxpayer confidentiality is also legally protected under Article 34 of tax regulations, which mandates officials to safeguard data.
He affirmed that this principle is embedded in the development of the directorate’s technology, and systems also undergo penetration testing by independent agencies.
Several agencies were involved in the testing process, including the National Cyber and Crypto Agency, the State Intelligence Agency, and the Strategic Intelligence Agency.
The assurances follow the issuance of Finance Minister Regulation Number 8 of 2026. The regulation, signed by Finance Minister Purbaya Yudhi Sadewa, requires government institutions, agencies, associations, and other parties to submit tax-related data to the Directorate General of Taxes.
“Government institutions, agencies, associations, and other parties are obliged to provide data and information relating to taxation to the Directorate General of Taxes,” reads Article 1 of PMK 8/2026, as cited Wednesday, March 4, 2026.
Specifically for banking, reports must include customer credit card payment transactions at merchants. Data includes the identity of the issuing and acquiring banks, the merchant’s identity and address, transaction value, settlement transaction amounts, and total canceled transactions.
Twenty-three banks are required to submit reports, including PT Bank Central Asia Tbk, PT Bank Negara Indonesia Persero Tbk, PT Bank Mandiri Persero Tbk, PT Bank OCBC NISP Tbk, PT Bank Syariah Indonesia Tbk, and PT Bank Rakyat Indonesia Persero Tbk.
KOMPAS.com berkomitmen memberikan fakta jernih, tepercaya, dan berimbang. Dukung keberlanjutan jurnalisme jernih dan nikmati kenyamanan baca tanpa iklan melalui Membership. Gabung KOMPAS.com Plus sekarang
