Jakarta, Indonesia Sentinel — The Indonesian Ministry of Communication and Information Technology (Kominfo) has confirmed that the Personal Data Protection Law (UU PDP) will be fully implemented starting October 17, 2024, marking the end of the two-year transition period since its ratification in 2022.
Hokky Situngkir, Director General of Informatics Applications (Dirjen Aptika), stated that this means all data controllers and processors within the country must now fully comply with the law. “As of October 17, the transition period is over, and the Personal Data Protection Law will be fully enforced,” Hokky said in Jakarta on Thursday, October 17.
While the law is now fully in effect, Hokky noted that the supporting regulations, including Government Regulations and a Presidential Decree (Perpres) to establish a data protection oversight body, are still in the harmonization process. “We are still awaiting the harmonization of these derivative regulations. The Government Regulation and Presidential Decree for the institution have not yet been finalized,” he explained.
Despite the absence of these specific regulations, Hokky emphasized that enforcement has already begun. “Law enforcement has already started. Some cases have been prosecuted, and there have been instances of access being restricted,” he added.
Kominfo has also been handling complaints from the public regarding violations of personal data protection. “We have received complaints, and some cases have shown clear breaches. When personal data protection fails, actions are taken, which can range from administrative fines to formal warnings,” Hokky stated.
The Personal Data Protection Law (UU PDP), enacted as Law No. 27 of 2022, establishes an oversight body with the authority to monitor compliance and impose sanctions on violators. Passed on October 17, 2022, the law allowed a two-year grace period for entities to adjust to the regulations, with the full implementation deadline set for October 17, 2024.
QRIS Transaction Reach Rp188.36 Trillion, Debit Card Its Over!
The legislation was introduced in response to the growing number of data breaches and misuse incidents, which underscored the need for formal legal protections for personal data. According to Kominfo, from 2019 to May 2024, there were 124 reported cases of alleged personal data protection violations in Indonesia, with 111 of these involving data breaches.
Indonesia’s Personal Data Protection Law aligns with international standards, particularly the General Data Protection Regulation (GDPR). It defines the rights and obligations of individuals and entities regarding data privacy, establishing penalties for non-compliance.
With the law now in full effect, authorities are empowered to take legal action against violations, especially those concerning personal data breaches. The implementation of the UU PDP is expected to significantly enhance data privacy protections across Indonesia.
(Raidi/Agung)