Indonesia Data Protection Laws – Laws to Take Notice Of

“DP” stands for data protection. Data protection is a significant part of any company’s framework, and any entity’s functioning. Indonesia has such a law, the “Personal Data Protection Law”, resembling the General Data Protection Regulations established by the European Union, or the EU GDPR. The recent law, states in clear terms, the legal basis to obtain and process personal information and data. The laws also stipulate stringent action against individuals who break the DP laws. Penalties include official fines amounting to 2% of the annual revenue of the company in question. 

Data Protection Laws in Action – Indonesia Enforces Accountability

In the latter part of 2022, Indonesia put its first Personal Data Protection Law into action, This was established after a long period of deliberation by the authorities. More importantly, the regulations came through with rapid approvals after a string of data breaches was prevalent in recent times. The National Cyber and Encryption Agency have been actively investigating certain claims by particular hackers known as “Bjorka”. These hackers state that they had exposure to private data that belonged to the Indonesian government. 

New Regulations – Better Late Than Never

Indonesia was always gradual in the establishment of a data protection law. Nonetheless, with the new law in active force, Indonesia has been ardently observing it and finding that it serves dual purposes. Not only do new data protection rules keep personal and private information secure, but they also encourage more companies to do business altogether. Without active regulations for personal information safety in place, Indonesia had found itself at a disadvantage where business investment, especially from abroad, was concerned. 

Companies were hesitant to enter industries where compliance issues may become problems for them. Under the fresh set of regulations, both local companies and foreign corporations will be accountable for any data breaches. Individuals responsible for personal data breaches may face fines of around US$400,000 (6 billion Indonesian rupiah).

The Need to Protect Data

DP laws are the need of the hour with regard to Indonesian industry. Not only in the sphere of commerce, Indonesia has witnessed a huge amount of cyberattacks where citizens have been at the receiving end. In 2022, in the first quarter alone, cybercrime aimed at institutions and citizens reached 11.8 million in number. This was a rise from the previous year’s record at the same time. The increase was at 22%. Additionally, on the basis of a report from Interpol, the country was the brunt of more attacks from ransomware than any other nation in the Southeast Asian region. With a few scattered laws in effect prior to the new regulations, action was a challenge to enforce for data breaches. 

The Indonesian DP Law – Features You Should Be Aware Of

The new PDP law in effect today defines a unique term. This is “personal data subject”. Essentially, this is the person or entity to which the personal data belongs. “Data subjects” have a right to know why their personal data and details may be requested in certain cases, and explain how this will be used. Data subjects also have the right to withdraw their personal information from being processed. Under the new law, consent to process data must be taken from the subjects according to any written set of agreements like a contract, consent, etc. 

The law is applicable to any local and international person or organisation under the jurisdiction of Indonesia. It is also applicable to people and entities that may have legal influence over the laws of Indonesia. 

Know the Laws of the Land

The crux of success for any business is to expand and grow. If you believe that it is high time to expand your business into Indonesia, or any other nation in the Asia Pacific region, we at can help.