Indonesia’s data privacy regulation is governed by the Personal Data Protection Bill, which was introduced in 2020. The bill seeks to protect personal data of Indonesian citizens from misuse, unauthorized access, or disclosure.
- Some of the key provisions of the bill include:
- Consent: The bill requires companies to obtain explicit consent from individuals before collecting, using, or disclosing their personal data.
- Cross-border data transfer: Companies must ensure that personal data is only transferred outside of Indonesia if the recipient country has adequate data protection laws in place.
- Data breach notification: Companies must notify individuals and the relevant authorities in the event of a data breach.
- Data protection officer: Companies that process large amounts of personal data must appoint a data protection officer to oversee compliance with the bill.
- Penalties: The bill imposes significant penalties for non-compliance, including fines of up to IDR 70 billion (approximately USD 4.8 million) or imprisonment of up to 12 years.
The Personal Data Protection Bill is still in the legislative process, and it is unclear when it will be passed into law. However, it is expected to significantly impact how businesses in Indonesia handle personal data and promote greater transparency and accountability in data processing.