Securiti Launches Industry’s First Solution To Automate Compliance


Indonesia’s Personal Data Protection Law (PDPL) Infographic

This infographic gives you a better understanding of the following:

  • Key obligations for organizations under the PDPL
  • The administrative and criminal sanctions for organizations found in breach of the PDPL
  • Data subject rights for Indonesians and who enforces these rights


Award-winning technology, built by a proven team, backed by confidence. Learn more.

On September 20, 2022, the Indonesian parliament formally passed the Protection of Personal Data Law (PDPL), intending to empower all Indonesians with a broader degree of control over their data online.

The law provides both data controllers and data processors with a transition period of two years to ensure their data handling and processing activities comply with the new law's provisions. Additionally, the PDPL obligates all organizations to adopt a strict consent management regime to ensure any and all data collected is done so only after explicit valid consent from the data subject.

This infographic gives you insights into the range of new data subject rights, specific data-related obligations for organizations, and the administrative penalties per the PDPL.

Indonesia’s Personal Data Protection Law (PDPL)

Our Readers Frequently Ask:

The PDPL deals with personal data. Per the PDPL, there are two types of personal data, either general or specific in nature. General data includes full name, gender, religion, marital status, etc. At the same time, specific personal data includes an individual's biometric data, genetic data, criminal records, and financial data. Any other kind of data or information not covered by the PDPL under these two categories is not covered by the PDPL.

In essence, a breach of privacy is any instance where a user's personal information is stolen, lost, used, or disclosed without proper permission. For an organization, a breach of privacy is any data breach that may jeopardize the security of the data it has collected over its users.

The PDPL applies to every person, corporation, public body, or international organization located within or outside the Republic of Indonesia. However, the processing of personal data by individuals in personal or household activities is exempt per the PDPL.

All-in-One Solution For Your Business Needs

The Multi-disciplinary practice to grow trust-equity of your brand and comply with privacy regulations

Top 7 Employer’s Privacy Obligations

Discover employer privacy obligations in the remote work era. Download our white paper for insights today.

8 Privacy Tips for a Successful Marketer

Explore 8 privacy tips by Securiti experts for ethically collecting personal data in marketing.

The 7 Sins of Data Privacy Management

Find out why following data compliant practices from the experts is important, and learn how to begin protecting data privacy today.