Personal Data Protection Bill - Indonesia

Personal Data Protection Bill - Indonesia


The Personal Data Protection Bill is the draft law to regulate the personal data processing in Republic of Indonesia. When this Law comes into force, the party involved in Personal Data processing, must adjust to the processing requirements of the Law.


Some of the key highlights are:

  • Explicit Consent is required from the data owner for personal data processing.
  • Responding timelines for Data subject rights have been separately called out in the bill.
  • Data controller to notify the data owner and the Minister within 3 days of data breach.
  • Penalties for non- compliance may range from 20 Billion Rp to 70 Billion or Imprisonment ranging from 2 to 7 years.

© 2023 Siddharta Widjaja & Rekan – Registered Public Accountants, an Indonesian partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit

They are not and nothing contained herein shall be construed to place these entities in the relationship of parents, subsidiaries, agents, partners, or joint venturers. No member firm has any authority (actual, apparent, implied or otherwise) to obligate or bind KPMG International or any member firm in any manner whatsoever. The information contained in herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

Connect with us