On 24 January 2020, the Personal Data Protection (PDP) Law is introduced in the Indonesian House of Representatives. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal data. Furthermore, the entities are obliged to implement preventive, detective, and responsive security measures to ensure the protection of personal data from unauthorised access. Finally, the entities will have to report to the authorities within 72 hours of the detected unauthorised access to personal data.
Original source