On 17 October 2022, the Bill on the Protection of Personal Data entered into force, with a grace period of two years on compliance. The Bill establishes that cross-border data transfers will be limited to countries with a level of data protection regulations equal to or higher than Indonesia's. In the case the state does not provide the same level of protection, data controllers have to enter into binding contracts with the parties receiving the data to ensure personal data protection.
Original source