Indonesia: Implemented Personal Data Protection Bill including data protection authority governance

On 17 October 2024, the Bill on the Protection of Personal Data entered into force fully after the lapse of a two year grace period. It foresees the establishment of a data protection authority which is answerable to the President, and which is responsible for formulating guidelines on data protection, supervising the implementation of the Bill, overseeing administrative enforcement against violations of the Bill, and facilitating relevant dispute resolutions. The authority would have, among other things, the power to formulate relevant policies, receive complaints, carry out investigations, impose sanctions, carry out evaluations regarding cross-border data transfers, and coordinate with other national data protection authorities.