Indonesia: Entry into force with grace period Personal Data Protection Bill outlining cybersecurity requirements

Entry into force with grace period Personal Data Protection Bill outlining cybersecurity requirements

On 17 October 2022, the Bill on the Protection of Personal Data entered into force, with a grace period of two years on compliance. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal dat…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

legislature

Government Body

parliament

Complete timeline of this policy change

Hide details

2020-01-24

under deliberation

On 24 January 2020, the Personal Data Protection (PDP) Law is introduced in the Indonesian House of…

2022-09-20

adopted

On 20 September 2022, the Bill on the Protection of Personal Data was adopted by the House of Repre…

2022-10-17

in grace period

On 17 October 2022, the Bill on the Protection of Personal Data entered into force, with a grace pe…

2024-10-17

in force

On 17 October 2024, the Bill on the Protection of Personal Data entered into force fully after the …

Description

Entry into force with grace period Personal Data Protection Bill outlining cybersecurity requirements

Scope

Complete timeline of this policy change