Note that this document created in mid-2020 where on 24 January 2020, President Joko Widodo signed the Personal Data Protection (PDP) Bill which is currently being finalized by the Indonesian House of Representatives (DPR). Upon finalization of this PDP Bill, Indonesia will become the fifth country in ASEAN to implement regulations regarding Personal Data Protection. 

For the existing Personal Data Controller, there will be a two-year period before the PDP Bill is fully effective and achieves full compliance.

The protection of personal data in Indonesia was initially focused on protection from a privacy perspective. Under the Indonesian Constitution,  the concept of privacy rights has been recognized and protected as part of the general concept of human rights. With the need to cover the sector yet to be regulated, specifically, that of the internet and electronic transaction-related activities, Law No. 11/2008 on Electronic Information and Transactions as amended by Law No. 19/2016 (collectively, the EIT Law) was passed. Even though most of the provisions of the EIT Law focus on electronic transactions, there is a notable provision that deals with personal data in the EIT Law.