Indonesia: Entry into force with grace period Personal Data Protection Bill outlining cybersecurity requirements

Compare with different regulatory event:

Description

Entry into force with grace period Personal Data Protection Bill outlining cybersecurity requirements

On 17 October 2022, the Bill on the Protection of Personal Data entered into force, with a grace period of two years on compliance. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal data. Furthermore, the entities are obliged to implement preventive, detective, and responsive security measures to ensure the protection of the personal data stored from unauthorised access. Finally, the entities will have to report to the authorities within 72 hours of unauthorised access to personal data.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

legislature

Government Body

parliament

Complete timeline of this policy change

Hide details

2020-01-24

under deliberation

On 24 January 2020, the Personal Data Protection (PDP) Law is introduced in the Indonesian House of…

2022-09-20

adopted

On 20 September 2022, the Bill on the Protection of Personal Data was adopted by the House of Repre…

2022-10-17

in grace period

On 17 October 2022, the Bill on the Protection of Personal Data entered into force, with a grace pe…

2024-10-17

in force

On 17 October 2024, the Bill on the Protection of Personal Data entered into force fully after the …