Indonesia to draft regulations to establish penalties for personal data violations

Indonesia is developing derivative regulations for personal data protection, including fines of up to 2 percent of annual revenue for non-compliant companies, with the details still being finalized. The fines will be implemented from October 2024, while warnings and suggestions will be given to violators in the interim.


The government of Indonesia is in the process of creating derivative regulations for the personal data protection law, which will include information about administrative fines. President Joko Widodo signed the law last year, which specifies that companies can be fined up to 2 percent of their annual revenue for non-compliance. However, the specific details of the fines are still being developed in the ongoing drafting process.

A senior official from the Communications Ministry, Semuel Abrijani Pangerapan, stated that the Jakarta Government’s regulation on personal data protection would be presented in September 2023. Individuals who violate the law will only be liable for fines starting October 2024. Until then, warnings and suggestions would be made to force violators to improve and adapt to new consequences.