Indonesia: Cybersecurity measures in Indonesia Personal Data Protection Law

Progress

Current status

in grace period

17 Oct 2024 in force

17 Oct 2022 in grace period

20 Sep 2022 adopted

24 Jan 2020 under deliberation

Scope

Implementers

Indonesia

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Government Branch

legislature

Government Body

parliament

Implementation Level

national

Timeline of events

17 Oct 2024

in force

Implemented Personal Data Protection Bill outlining cybersecurity requirements

On 17 October 2024, the Bill on the Protection of Personal Data entered into force fully after the lapse of a two year grace period. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal da…

Source

Event type law

Action type implementation

Government branch legislature

Government body parliament

17 Oct 2022

in grace period

Entry into force with grace period Personal Data Protection Bill outlining cybersecurity requirements

On 17 October 2022, the Bill on the Protection of Personal Data entered into force, with a grace period of two years on compliance. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal dat…

Source

Event type law

Action type in force with grace period

Government branch legislature

Government body parliament

20 Sep 2022

adopted

Adopted Personal Data Protection Bill outlining cybersecurity requirements

On 20 September 2022, the Bill on the Protection of Personal Data was adopted by the House of Representatives of the Republic of Indonesia. The Bill states that data controllers have to conduct impact assessments to identify risks in processing pers…

Source

Event type law

Action type adoption

Government branch legislature

Government body parliament

24 Jan 2020

under deliberation

Introduced Personal Data Protection Law outlining cybersecurity requirements

On 24 January 2020, the Personal Data Protection (PDP) Law is introduced in the Indonesian House of Representatives. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal data. Furthermore,…

Source

Event type law

Action type introduction

Government branch legislature

Government body parliament

Progress

Scope

Timeline of events

Implemented Personal Data Protection Bill outlining cybersecurity requirements

Entry into force with grace period Personal Data Protection Bill outlining cybersecurity requirements

Adopted Personal Data Protection Bill outlining cybersecurity requirements

Introduced Personal Data Protection Law outlining cybersecurity requirements

Related changes

Indonesia: Personal Data Protection Law including data protection authority governance

Indonesia: Personal Data Protection Law including cross-border data transfer regulation

Indonesia: Data protection measures in Indonesia Personal Data Protection Law

Indonesia: Cross-border data transfer regulation in Implementing Regulation of Personal Data Protection Act

Indonesia: Data protection regulation in Implementing Regulation of Personal Data Protection Act

Indonesia: National Work Competency Standards (SKKNI) for DPOs

Indonesia: Case No. 110/PUU-XX/2022 on Art.15(1)(a) of Personal Data Protection Law

Indonesia: Case regarding constitutionality of Articles 1(4), 2(2) and 19 of the Personal Data Protection Law (No. 108/PUU-XX/2022)