English | 中文 | 下载审德中文简介 



A Journey to PDP Law Compliance: Data Privacy Transfer in Indonesia

Data is a valuable currency in this new world. In the midst of digital transformation, the Indonesian government has taken the final decision to pass the Pelindungan Data Pribadi (PDP) Bill by September 2022. The PDP Law applies to all businesses established in Indonesia and puts the consumer in control. The task of complying with this regulation falls upon businesses. Prior to the PDP Law, there was no protection for data privacy under the law in Indonesia. The newly enacted PDP Law may attract more investment to Indonesia. Regulation in Indonesia continues to develop to make doing business easier, as well as to protect the public interest.

The PDP Law affects a variety of business operations. Business institutions across the country rely on sharing data, often customer information, to conduct marketing activities, to measure customer financial capabilities, to measure customer shopping habits, to measure product outcomes or to evaluate the product satisfaction rates. This article will describe how the newly enacted PDP Law regulates data privacy transfer.

Pursuant to the PDP Law, “Personal Data” is defined as any data about individuals identified or identifiable individually or in combination with other information either directly or indirectly through electronic or non-electronic systems. In carrying out the protection of personal data in Indonesia, there are two interrelated parties, namely the subject of personal data and the controller of the personal data. The subject of personal data is an individual to whom personal data is attached. Meanwhile, the controller of personal data is any person, public body or international organization that acts individually or jointly in determining the purpose and carrying out control over the processing of personal data. Everyone in this case is an individual or corporation, while a public body means an institution related to the administration of the state.

The subject of personal data has the right to obtain information about clarity of identity, the basis of legal interests for the purpose of the request and use of personal data, as well as the accountability of the party requesting the personal data. The purpose and use of personal data other parties must be known by the owner of the personal data. The personal data controller must obtain explicit, valid consent from the personal data subject in order to be able to process the personal data.

Pursuant to the data privacy transfer, according to Article 55 paragraph (1) of the PDP Law, the personal data controller may transfer personal data to other personal data controllers in the jurisdiction of Indonesia. Meanwhile, in transferring personal data and those who receive personal data transfers, they are required to protect the personal data as stipulated in the PDP Law.

Thus, we can convey that, basically, the transfer of personal data between companies in the territory of Indonesia is allowed as long as it is in accordance with the provisions of the PDP Law, such as the consent from the personal data subject has been in accordance with the conditions for obtaining data subject's data. In addition, the transfer or sharing of personal data between companies must be in accordance with the principles of personal data protection, such as protection from unauthorized access or leakage of personal data (unauthorized disclosure).

How Schinder Can Help

Schinder Law Firm is a leading corporate law firm in Indonesia, addressing commercial disputes and general corporate matters, which covers PDP Law compliance services. Our team of corporate lawyers and dispute lawyers have forged a reputation for assisting various clients across the globe. Moreover, our Privacy, Data Protection and Cybersecurity practice group is a pioneer in providing data privacy law services in Indonesia. As Indonesian business lawyers, we have extensive experience providing daily legal services in commercial contracts, and law and regulatory compliance. If you have inquiries related to PDP Law Compliance, please feel free to send a message to info@schinderlawfirm.com.

Author: Budhi Satya Makmur

Schinder Consultant London Ltd.


Welcome to our London office, where a cadre of seasoned professionals is dedicated to providing an unparalleled standard of sophisticated legal services to a discerning global clientele. Our overarching mission is to facilitate the realization of your international life and business objectives with the utmost precision and finesse, ensuring a seamless integration into your new environment.
In the domain of our proficiency, we present a meticulously curated portfolio of services that extends across diverse sectors, encompassing investment immigration, real estate investment, educational consulting, concierge services, wealth management, and lifestyle services. Our commitment lies in the delivery of holistic, one-stop solutions that surpass conventional boundaries, attending to the intricate nuances of your distinctive needs with a prideful dedication to excellence. We embrace a commitment to excellence, striving to not only meet but exceed the expectations.