• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Conventus Law

Conventus Law

Conventus Law

  • About Us
  • Channels
    • Jurisdiction Channel
    • Practice Area Channel
    • Industry Channel
    • Business Of Law
    • Law Firms
    • Special Reports
  • Video
  • Events
  • Explore
  • Search
  • Membership
  • Conventus Doc
x
Search

More results...

Generic filters
Home » Special Report » Data Protection And Cross-Border Data Transfers Laws And Regulations In Indonesia.

Data Protection And Cross-Border Data Transfers Laws And Regulations In Indonesia.

July 4, 2023

July 4, 2023 by

Conventus Law: In Indonesia, what laws and regulations govern cross-border data transfers, and how are they affecting businesses there?

Metalaw: The general requirements for cross-border data transfers are regulated by among others Law No. 27 of 2022 on Personal Data Protection and MOCI Regulation No. 20 of 2016 on Protection of Personal Data in Electronic Systems (PDP Law). For a specific line of business, other sectoral regulations may also be applicable, e.g., banking regulations for the banking sector. 

In general, the undertakings must comply with the requirements as regulated under the prevailing laws and regulations to avoid getting imposed with administrative sanctions in the form of warnings, temporary suspension of business activities, an announcement of non-compliance on the website, and/or administrative fines. 

How can companies ensure that their cross-border data transfers comply with Indonesian data protection laws?

The companies must comply with the requirements set out under the prevailing laws and regulations, among others:

  1. reporting the plan of the data transfers to the Ministry of Communication and Informatics (MOCI) or its authorized agency, 
  2. requesting for consultation with MOCI (or the relevant agency), if required, 
  3. reporting the implementation of the data transfer to MOCI (or the relevant agency),
  4. ensuring that the receiving country applies the same level of data protection as regulated under the PDP Law or higher; otherwise, the data controller/data processor must obtain approval from the data owner for such transfer. 

“The PDP Law adds one more requirement for cross-border data transfer, i.e., requesting the data processor/data controller to ensure that the receiving country applies the same level of data protection as regulated under the PDP Law or higher”

In the case of cross-border data transfers, what are the consequences for companies that fail to comply with Indonesian data protection laws?

As informed earlier, failing to comply with the requirements may result in the imposition of administrative sanctions in the form of warnings, temporary suspension of business activities, announcement of non-compliance on the website, and/or administrative fines.

The Personal Data Protection Bill (PDP) came into law on 17th October 2022 after publication in the State Gazette. What is the impact on cross-border data transfers?

The PDP Law adds one more requirement for cross-border data transfer, i.e., requesting the data processor/data controller to ensure that the receiving country applies the same level of data protection as regulated under the PDP Law or higher; otherwise, the data controller/data processor must obtain approval from the data owner for such transfer.

“ The foremost is that the companies must ensure that they have complied with the minimum requirements as set out under the prevailing laws and regulations in Indonesia concerning cross-border data transfer”

What international data protection frameworks or agreements has Indonesia signed or adhered to, and how do they impact cross-border data transfers?

So far as we are aware, Indonesia is not a party to any international data protection framework or agreement. ASEAN has issued an ASEAN Data Management Framework (DMF), which was endorsed by ASEAN member countries in 2021. Indonesia is a member of ASEAN. However, since the DMF is voluntary in nature, there is no requirement for the ASEAN members to adhere to the requirements as set out in the DMF. 

Considering the increasingly complex legal landscape surrounding data privacy and protection, what are some best practices for companies operating in Indonesia to protect personal data during cross-border data transfers?

We believe the companies should have guidelines to regulate the requirements that they must comply with before conducting cross-border data transfers. The foremost is that the companies must ensure that they have complied with the minimum requirements as set out under the prevailing laws and regulations in Indonesia concerning cross-border data transfer. 

For Further Information, Please Contact:

MetaLAW, Legal Consultant, Jakarta, Indonesia

general@metalaw.id

Tags: MetaLAW

Primary Sidebar

PRESS RELEASES

  • Indonesia – SSEK Hosts AmCham Human Resources Committee Meeting With Indonesian Immigration Directorate. 29 September 2023
  • Indonesia – SSEK Partners Take Stage At IPBA Regional Conference In Jakarta. 29 September 2023
  • US – NIO Completes Notes Offerings. 29 September 2023
  • US – Splunk To Be Acquired By Cisco. 29 September 2023
  • US – Jabil Announces Definitive Agreement To Divest Mobility Business For $2.2 Billion. 29 September 2023

NEWS FEED

    September 29, 2023

    Balancing Conflicting Rights Of Geographical Indications In Vietnam.

    September 29, 2023

    Cambodia Sets Registration, Standardization, And Energy Efficiency Rules For Appliances.

    September 29, 2023

    Thailand Releases Notification On Data Protection Officer Appointment.

    - Nopparat Lalitkomon - Senior Associate, Tilleke & Gibbins
    September 29, 2023

    Registering Industrial Designs For Household Appliances In Vietnam, Indonesia, And Thailand.

    September 29, 2023

    Who Will Train Digital (Legal) Talent At Scale.

    - João Costa - Legal Consultant & Legal Project Manager, Korum Legal
    September 29, 2023

    ACC Survey Finds Importance Of LegalTech For General Counsel. 

    - João Costa - Legal Consultant & Legal Project Manager, Korum Legal
    September 29, 2023

    Laos Adds To List Of Goods Requiring Import-Export Registration.

    September 29, 2023

    New Right To Request A Predictable Work Pattern In The UK.

    September 29, 2023

    National Minimum Wage Exemption For Domestic Workers In The UK Ends.

    September 29, 2023

    New ICO Guidance On Processing Health Data In The UK.

Footer

Conventus Law
  • Facebook
  • Twitter
  • Linkedin

CONVENTUS LAW

  • About Us
  • Explore
  • Video
  • Events
  • Contact Us
  • Jurisdiction Channel
  • Practice Area Channel
  • Industry Channel
  • Law Firms
  • Business Of Law
  • Special Reports

OTHERS

CONVENTUS DOCS
CONVENTUS PEOPLE

3/f, Chinachem Tower 34-37 Connaught Road Central, Central, Hong Kong

social@conventuslaw.com

Terms of use | Privacy statement © 2023 Conventus Law. All Rights Reserved.