Indonesia: Implemented Government Regulation 71/2019 introducing data protection requirements

On 4 October 2020, the Government of Indonesia implements Government Regulation 71 (GR 71/2019). The Regulation amends GR 82/2012 and it introduces significant changes to data protection regulation. The Regulation imposes Electronic Service Providers (ESPs) to respect personal data and the citizens' right to be forgotten, according to which ESPs must follow data deletion requirements. Moreover, ESPs are required to safeguard data security and make available audit tracking of all electronic system operations which can be used for the purpose of supervision, law enforcement, dispute settlement, verification, testing, and other investigations. Lastly, GR 71/2019 introduces sanctions in case of non-compliance that can take the form of warning letters, administrative fines, temporary suspension of activities, termination of access, and removal from the list.