Indonesia
Summary
Law: Personal Data Protection Law (only available in Indonesian here) ('PDPL')
Regulator: There is no general data protection authority at present.
Summary: Currently, Indonesia takes a patchwork approach to personal data protection legislation, with provisions related to data privacy appearing in several different pieces of legislation. In particular, Law No. 11 of 2008 on Electronic Information and Transactions, as amended by Law No. 19 of 2016 on the Amendment to Law No. 11 of 2008 on Electronic Information and Transactions (only available in Indonesian here) ('the Electronic Information Law') provides certain data privacy rights. In addition, the Kominfo Regulation No. 20 of 2016 on Personal Data Protection in Electronic Systems ('Kominfo Regulation 20') establishes significant data protection requirements for electronic system providers, and Government Regulation No. 71 of 2019 regarding the Implementation of Electronic Systems and Transactions (only available in Indonesian here) ('GR 71') outlines the procedural guidelines for the Electronic Information Law.
The PDPL creates a single, comprehensive approach to personal data protection. The PDPL establishes a dedicated institution responsible for administering the PDPL and introduces notable obligations for data controllers and processors. Following its ratification on 20 September 2022, the PDPL entered into force on 17 October 2022. Article 74 of the PDPL provides that controllers, processors, and any other parties related to the processing of personal data will have two years from the date of promulgation to comply with the PDPL.