DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

๐Ÿ‡ฎ๐Ÿ‡ฉ Indonesia

PDP Law

Personal Data Protection Law (Law 27 of 2022)

In short
Indonesia's PDP Law is a GDPR-inspired consent regime. Processing based on consent requires valid, explicit and informed consent recorded clearly, with stricter handling for specific categories of personal data.
Region

Indonesia

Status

Enacted 2022, transition through 2024

Group

Asia & Africa

Who must comply

Public and private data controllers and processors that process personal data of individuals in Indonesia, including those abroad with effects on people in Indonesia.

Penalties

Administrative fines up to 2% of annual revenue, plus criminal penalties and corporate fines for unlawful collection or disclosure.

Key obligations

  • Obtain valid, explicit and recorded consent where it is the basis
  • Provide clear notice of purpose and retention
  • Honor access, correction, erasure and objection rights
  • Appoint a data protection officer for certain processing
  • Notify breaches to the authority and affected individuals within the required time

How ConsentX helps

Explicit, recorded opt-in consent capture

Clear purpose and retention notice

Rights request workflow with evidence

Consent receipts for audit

Region rule engine tuned for Indonesia

Get PDP Law ready with ConsentX

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with PDP Law using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under PDP Law.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that PDP Law requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a PDP Law audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does Indonesia's PDP Law require explicit consent?+

Where consent is the basis it must be valid, explicit, informed and clearly recorded.

When does Indonesia's PDP Law fully apply?+

The law was enacted in 2022 with a transition period running through 2024 for organizations to comply.

Countries under PDP Law

๐Ÿ‡ฎ๐Ÿ‡ฉ Indonesia

Other regulations

๐Ÿ‡ช๐Ÿ‡บ GDPR๐Ÿ‡ฌ๐Ÿ‡ง UK GDPR๐Ÿ‡บ๐Ÿ‡ธ CCPA / CPRA๐Ÿ‡บ๐Ÿ‡ธ VCDPA๐Ÿ‡บ๐Ÿ‡ธ Colorado CPA๐Ÿ‡บ๐Ÿ‡ธ CTDPA๐Ÿ‡บ๐Ÿ‡ธ UCPA๐Ÿ‡บ๐Ÿ‡ธ TDPSA๐Ÿ‡บ๐Ÿ‡ธ Oregon OCPA๐Ÿ‡บ๐Ÿ‡ธ Montana MCDPA๐Ÿ‡บ๐Ÿ‡ธ Florida FDBR๐Ÿ‡ง๐Ÿ‡ท LGPD๐Ÿ‡จ๐Ÿ‡ฆ PIPEDA๐Ÿ‡ฎ๐Ÿ‡ณ DPDPA๐ŸŒ PDPA๐Ÿ‡ฟ๐Ÿ‡ฆ POPIA๐Ÿ‡จ๐Ÿ‡ญ FADP๐Ÿ‡จ๐Ÿ‡ฆ Law 25๐Ÿ‡ฒ๐Ÿ‡ฝ LFPDPPP๐Ÿ‡ฆ๐Ÿ‡ท PDPL๐Ÿ‡จ๐Ÿ‡ฑ Law 21.719๐Ÿ‡จ๐Ÿ‡ด Law 1581๐Ÿ‡ต๐Ÿ‡ช Law 29733๐Ÿ‡บ๐Ÿ‡พ Law 18.331