Indonesia enacts personal data protection act, with a DPA

Andin Aditya Rahman, a lawyer in Indonesia – the world’s fourth most populous country – and Graham Greenleaf, PL&B Asia Pacific Editor, report on the law which entered into force on 17 October 2022.

After introducing its first comprehensive draft bill on personal data protection in early 2016,(1) the Indonesian parliament considered various drafts, including one without a data protection authority (DPA). The parliament (Dewan Perwakilan Rakyat or DPR) finally passed Indonesia’s personal data protection bill into Law No. 27 of 2022 (PDP Law) on 17 October 2022, leaving India, Pakistan, and Bangladesh in the Asian region as the only significant countries without comprehensive data protection legislation.

The PDP Law contains a total of 16 chapters and 76 articles, including provisions on the types of data that are within the scope of the PDP Law, rights of data subjects, data processing by data controllers and processors, obligations of data controllers and mandatory appointment of data protection officers (DPO), the data protection authority (DPA), and administrative and criminal sanctions for non-compliance.

Continue Reading

International Report subscribers, please login to access the full article


If you wish to subscribe, please see our subscription information.