This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Norton Rose Fulbright logo
  • Global
  • About
    • Back
    • About
    • Our firm
      • Back
      • Our firm
      • Clients
      • Global coverage
      • Vision, culture and people
      • Governance structure
      • Risk management
      • NRF Transform
      • Alumni
    • Diversity, Equity & Inclusion
      • Back
      • Diversity, Equity & Inclusion
      • Our people
      • Recognition
      • Governance
    • Corporate responsibility
      • Back
      • Corporate responsibility
      • Pro bono
      • Volunteering
      • Fundraising
      • Sustainable practice
      • Global charitable initiatives
    • Photo montage
      RE:

      Read our magazine
  • People
  • Services
    • Back
    • Services
    • Services A-Z
    • Key industries
      • Back
      • Key industries
      • Consumer markets
      • Energy, infrastructure and resources
      • Financial institutions
      • Life sciences and healthcare
      • Technology
      • Transport
    • Practices
      • Back
      • Practices
      • Antitrust and competition
      • Banking and finance
      • Bankruptcy, financial restructuring and insolvency
      • Climate change and sustainability
      • Consulting
      • Corporate, M&A and securities
      • Employment and labor
      • Energy
      • Environmental, social and governance (ESG)
      • Financial services and regulation
      • Information governance, privacy and cybersecurity
      • Intellectual property
      • Litigation and disputes
      • Private equity and venture capital
      • Projects
      • Real estate
      • Regulation and investigations
      • Risk advisory
      • Tax
      • Banking and finance
      • Climate change and sustainability
      • Corporate, M&A and securities
      • Energy
      • Financial services and regulation
      • Intellectual property
      • Private equity and venture capital
      • Real estate
      • Risk advisory
    • NRF Transform
    • Transform image

      Find out more
  • Insights
    • Back
    • Insights
    • NRF InstituteProfessional developmentResources and tools
    • PublicationsBlogsVideos
    • EventsWebinarsPodcasts
    • colorful light particles
      Sustainability and ESG

      Visit the hub
  • News
    • Back
    • News
    • Press releases
    • Market recognitions
    • Media information
  • Locations
  • Careers
    • Back
    • Careers
    • Graduates and students
    • Search current vacancies
      • Back
      • Search current vacancies
  • Change
  • Global
    • Back
    • global site
    • North America
      • Canada (English)
      • Canada (Français)
      • United States
    • Latin America
      • Latin America
      • Brazil
      • Mexico
    • Europe
      • Belgium
      • Deutschland (Deutsch)
      • France
      • Germany (English)
      • Greece
      • Italy
      • Luxembourg
      • Poland
      • The Netherlands
      • Turkey
      • United Kingdom
    • Middle East
    • Africa
      • Africa
      • Burundi
      • Kenya
      • Morocco
      • South Africa
      • Uganda
      • Zimbabwe
    • Asia Pacific
      • Australia
      • China
      • Hong Kong SAR
      • Indonesia
      • Japan
      • Singapore
      • Thailand
    • Regional practices
      • India
      • Israel
      • Korea
      • Marshall Islands
      • Nordic region
      • Pakistan
      • Vietnam
Lake in the forest

Connections

Insights, perspectives and viewpoints from our lawyers on topical issues

All Posts Subscribe
print-logo
10/26/2022 2:55:14 PM | 1 minute read

Shedding light on Indonesia's new personal data protection law

featured image
3
14

Get in touch

Avatar
Jeremy Lua
Senior Associate

Get in touch

Avatar
Jeremy Lua
Senior Associate
3
14

On 20 September 2022, Indonesia's parliament passed its long-awaited personal data protection law that has been in the works since 2016. At the time, the specific details of the new personal data protection law were not available until the official text of the legislation was published on 18 October 2022. 

Since the official text has been published, we can now shed some light on the key provisions of Indonesia's personal data protection law, with key features including:

  • imposing obligations on data controllers and data processors; 
  • recognising lawful grounds for organisations to process data apart from obtaining consent from data subjects; 
  • requiring organisations to appoint a data protection officer; 
  • requiring organisations to conduct data protection impact assessments in certain situations; and
  • data breach notification.

Additionally, the new data protection law also has extra-territorial scope as it covers personal data of Indonesian subjects outside of Indonesia if it is processed in Indonesia or if outside provided that such processing has legal impact in Indonesia. 

Organisations have a two-year transitional period (i.e. by 2024) to prepare for the full implementation of this new data protection law. During this period, businesses will need to establish their personal data protection compliance processes and procedures to comply with the requirements of Indonesia's new data protection law. 

In this regard, businesses who have in place existing personal data protection frameworks may have some of their work cut out for them in designing processes - they should be aware of the nuances in Indonesia's new data protection laws and ensure that their processes and procedures adequately account for these.

The new personal data protection law will be a game changer for Indonesia’s vibrant tech scene and may spur greater innovation yet – this is a space I will be closely watching in the next couple of years!

Finally, the PDP Law has a two year transitional period after its enactment i.e. by October 2024. We also expect that within that period the president would establish the data protection authority. Businesses would need to conduct internal assessment on their personal data protection compliance and adjust their relevant practices/policies within the transitional period before relevant provisions of the PDP Law are fully enforced.
www.nortonrosefulbright.com/...

Subscribe to our Connections insights Sign-up now

Tags

data protection, indonesia, technology, banking and finance, privacy and cyber security, digitisation, data privacy

Get in touch

Avatar
Jeremy Lua
Senior Associate

Get in touch

Avatar
Jeremy Lua
Senior Associate
Key takeaways from MIPIM 2025: Future-proofing data centres
3/25/2025 4:21:32 PM

Key takeaways from MIPIM 2025: Future-proofing data centres

By Kirsty Harrower
As the digital infrastructure landscape continues to evolve, increasing AI workloads present both challenges and opportunities for data...
1
35
36

Latest Insights

Shaping future successes: What I took away from "An evening with Annie Vernon"
5/8/2025 1:38:17 PM

Shaping future successes: What I took away from "An evening with Annie Vernon"

By Emma Humphries
Maritime decarbonisation: Current issues facing shipping companies
5/1/2025 1:36:52 PM

Maritime decarbonisation: Current issues facing shipping companies

By Kelli Bodal Hansen Philip Roche
10
10
Competition Policy and the Clean Industrial Deal: Let’s be friends
4/17/2025 3:26:12 PM

Competition Policy and the Clean Industrial Deal: Let’s be friends

By Alexandra Rogers Jay Modrall

Explore our site

  • About
  • Careers
  • Diversity, equity and inclusion
  • People
  • Services
  • Insights
  • News

Key industries

  • Consumer markets
  • Energy, infrastructure and resources
  • Financial institutions
  • Life sciences and healthcare
  • Technology
  • Transport

Locations

  • Global coverage

Norton Rose Fulbright © 2024. All Rights Reserved.

  • Amsterdam
  • ●
  • Athens
  • ●
  • Austin
  • ●
  • Bangkok
  • ●
  • Beijing
  • ●
  • Brisbane
  • ●
  • Brussels
  • ●
  • Bujumbura**
  • ●
  • Calgary
  • ●
  • Canberra
  • ●
  • Cape Town
  • ●
  • Casablanca
  • ●
  • Dallas
  • ●
  • Denver
  • ●
  • Dubai
  • ●
  • Durban
  • ●
  • Düsseldorf
  • ●
  • Frankfurt
  • ●
  • Hamburg
  • ●
  • Harare**
  • ●
  • Hong Kong SAR
  • ●
  • Houston
  • ●
  • Istanbul
  • ●
  • Jakarta*
  • ●
  • Johannesburg
  • ●
  • Kampala**
  • ●
  • London
  • ●
  • Los Angeles
  • ●
  • Luxembourg
  • ●
  • Melbourne
  • ●
  • Mexico City
  • ●
  • Milan
  • ●
  • Minneapolis
  • ●
  • Monaco
  • ●
  • Montréal
  • ●
  • Munich
  • ●
  • Newcastle
  • ●
  • New York
  • ●
  • Nairobi**
  • ●
  • Ottawa
  • ●
  • Paris
  • ●
  • Perth
  • ●
  • Piraeus
  • ●
  • Québec
  • ●
  • Riyadh*
  • ●
  • San Antonio
  • ●
  • San Francisco
  • ●
  • São Paulo
  • ●
  • Shanghai
  • ●
  • Singapore
  • ●
  • St. Louis
  • ●
  • Sydney
  • ●
  • Tokyo
  • ●
  • Toronto
  • ●
  • Vancouver
  • ●
  • Warsaw
  • ●
  • Washington DC *associate office **alliance
  • Legal notices and disclaimers
  • Impressum
  • Standard terms
  • Blog network terms and conditions
  • Cookies policy
  • Privacy notice
  • Website access conditions
  • Fraud alerts
  • Modern Slavery Statements
  • Health plan machine readable files
  • Anti-Facilitation of Tax Evasion Statement
  • Suppliers
  • History
  • Remote access
  • Sitemap
Offices and locations

Norton Rose Fulbright © 2024. All Rights Reserved.

  • Amsterdam
  • ●
  • Athens
  • ●
  • Austin
  • ●
  • Bangkok
  • ●
  • Beijing
  • ●
  • Brisbane
  • ●
  • Brussels
  • ●
  • Bujumbura**
  • ●
  • Calgary
  • ●
  • Canberra
  • ●
  • Cape Town
  • ●
  • Casablanca
  • ●
  • Dallas
  • ●
  • Denver
  • ●
  • Dubai
  • ●
  • Durban
  • ●
  • Düsseldorf
  • ●
  • Frankfurt
  • ●
  • Hamburg
  • ●
  • Harare**
  • ●
  • Hong Kong SAR
  • ●
  • Houston
  • ●
  • Istanbul
  • ●
  • Jakarta*
  • ●
  • Johannesburg
  • ●
  • Kampala**
  • ●
  • London
  • ●
  • Los Angeles
  • ●
  • Luxembourg
  • ●
  • Melbourne
  • ●
  • Mexico City
  • ●
  • Milan
  • ●
  • Minneapolis
  • ●
  • Monaco
  • ●
  • Montréal
  • ●
  • Munich
  • ●
  • Newcastle
  • ●
  • New York
  • ●
  • Nairobi**
  • ●
  • Ottawa
  • ●
  • Paris
  • ●
  • Perth
  • ●
  • Piraeus
  • ●
  • Québec
  • ●
  • Riyadh*
  • ●
  • San Antonio
  • ●
  • San Francisco
  • ●
  • São Paulo
  • ●
  • Shanghai
  • ●
  • Singapore
  • ●
  • St. Louis
  • ●
  • Sydney
  • ●
  • Tokyo
  • ●
  • Toronto
  • ●
  • Vancouver
  • ●
  • Warsaw
  • ●
  • Washington DC *associate office **alliance
Policies and disclaimers
  • Legal notices and disclaimers
  • Impressum
  • Standard terms
  • Blog network terms and conditions
  • Cookies policy
  • Privacy notice
  • Website access conditions
  • Fraud alerts
  • Modern Slavery Statements
  • Health plan machine readable files
  • Anti-Facilitation of Tax Evasion Statement
  • Suppliers
  • History
  • Remote access
  • Sitemap
Visit our global site, or select a location
North America
  • Canada (English)
  • Canada (Français)
  • United States
Latin America
  • Brazil
  • Mexico
Europe
  • Belgium
  • Deutschland (Deutsch)
  • France
  • Germany (English)
  • Greece
  • Italy
  • Luxembourg
  • Poland
  • The Netherlands
  • Turkey
  • United Kingdom
Middle East
Africa
  • Burundi
  • Kenya
  • Morocco
  • South Africa
  • Uganda
  • Zimbabwe
Asia Pacific
  • Australia
  • China
  • Hong Kong SAR
  • Indonesia
  • Japan
  • Singapore
  • Thailand
Regional practices
  • India
  • Israel
  • Korea
  • Marshall Islands
  • Nordic region
  • Pakistan
  • Vietnam