On 20 September 2022, the Bill on the Protection of Personal Data was adopted by the House of Representatives of the Republic of Indonesia. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal data. Furthermore, the entities are obliged to implement preventive, detective, and responsive security measures to ensure the protection of the personal data stored from unauthorised access. Finally, the entities will have to report to the authorities within 72 hours of unauthorised access to personal data.
Original source