Progress

Current status
in grace period
17 Oct 2024 in force
17 Oct 2022 in grace period
20 Sep 2022 adopted
24 Jan 2020 under deliberation

Scope

Implementers
Indonesia
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Government Branch
legislature
Government Body
parliament
Implementation Level
national

Timeline of events

17 Oct 2024
in force

Implemented Personal Data Protection Bill outlining cybersecurity requirements

On 17 October 2024, the Bill on the Protection of Personal Data entered into force fully after the lapse of a two year grace period. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal da…

Source
Event type law
Action type implementation
Government branch legislature
Government body parliament
17 Oct 2022
in grace period

Entry into force with grace period Personal Data Protection Bill outlining cybersecurity requirements

On 17 October 2022, the Bill on the Protection of Personal Data entered into force, with a grace period of two years on compliance. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal dat…

Source
Event type law
Action type in force with grace period
Government branch legislature
Government body parliament
20 Sep 2022
adopted

Adopted Personal Data Protection Bill outlining cybersecurity requirements

On 20 September 2022, the Bill on the Protection of Personal Data was adopted by the House of Representatives of the Republic of Indonesia. The Bill states that data controllers have to conduct impact assessments to identify risks in processing pers…

Source
Event type law
Action type adoption
Government branch legislature
Government body parliament
24 Jan 2020
under deliberation

Introduced Personal Data Protection Law outlining cybersecurity requirements

On 24 January 2020, the Personal Data Protection (PDP) Law is introduced in the Indonesian House of Representatives. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal data. Furthermore,…

Source
Event type law
Action type introduction
Government branch legislature
Government body parliament