

POJK Nomor 22
Tahun 2023

UU PDP Nomor 27
Tahun 2022

POJK Nomor 11/
POJK.03/2022
The regulations above have been enacted and officially issued by:

Criminal Penalty – Up to 6 Years
Financial Fine – Up to IDR 6 Billion
Financial Fine – Up to 10× the Individual Penalty Business License Suspension – 5 Years Permanent License Revocation and Business Closure

Data collection must be supported by a lawful basis, such as user consent, contractual necessity, or legal obligations.

Consent must be given freely, be specific, informed, and unambiguous. Individuals must also be able to withdraw their consent at any time.

Data controllers must implement appropriate technical and organizational measures to ensure data security.

Personal data must be collected for specified, explicit, and legitimate purposes. It should not be further processed in ways that are incompatible with those original purposes.

Outline the rights of data subjects, including the right to access, correct, delete, and restrict processing.

Organizations that handle large volumes of personal or sensitive data must appoint a Data Protection Officer (DPO) to oversee compliance with Indonesia’s Personal Data Protection Law.

Data controllers must notify the Personal Data Protection Committee Office (PDPC) within 72 hours after becoming aware of a data breach.

Cross-border data transfers are only allowed to countries with adequate data protection measures, or under specific conditions approved by the data protection authority.

Data controllers are required to maintain records of their data processing activities and make them available to the data protection authority upon request.

Emphasize the importance of training employees on data protection and security practices.

Data classification is a foundational step in the data protection lifecycle. It is the process of consistently organizing and labeling data based on specific, predefined criteria.

Combining insights from systems, users, and data gives you the visibility needed to defend against evolving threats.
Protect data wherever it lives, control connected external devices, govern data flow to those endpoints, and detect unusual user or system behavior.

A software-based method that securely overwrites data on any storage device by applying binary-level rewriting across all device sectors.

