TheArtOfService
Back to Frameworks

Indonesia PDP Law

Self-Assess
Indonesia
v2022
10 domains
10 controls

Personal Data Protection Law of Indonesia

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (10)

Indonesia PDP Controller Obligations (Art 20-46)

1 controls
Controls in the Indonesia PDP Controller Obligations (Art 20-46) domain of Indonesia PDP Law1 controls
CodeTitle
IDPdp-Controller-DPO-ROPA-DPIA-PrivacyByDesign-Art20to46-Accuracy-AccountabilityIndonesia PDP Articles 20-46 + Controller Obligations + DPO Appointment + ROPA + DPIA + Privacy by Design + Accuracy + Accountability + Risk Assessment + Documentation

Indonesia PDP Data Subject Rights (Art 5-15)

1 controls
Controls in the Indonesia PDP Data Subject Rights (Art 5-15) domain of Indonesia PDP Law1 controls
CodeTitle
IDPdp-DataSubjectRights-Art5to15-Access-Correction-Erasure-Portability-Object-Withdraw-AutomatedIndonesia PDP Articles 5-15 + Data Subject Rights + Access + Correction + Erasure + Portability + Object + Withdraw Consent + Automated Decision-Making + Damages Claim + Identity Verification + Response 3 Days

Indonesia PDP Enforcement + Sanctions (Art 57-73)

1 controls
Controls in the Indonesia PDP Enforcement + Sanctions (Art 57-73) domain of Indonesia PDP Law1 controls
CodeTitle
IDPdp-Enforcement-Sanctions-Administrative-Criminal-Art56to69-DPAgency-Fine-Imprisonment-IDR6bnIndonesia PDP Articles 57-73 + Enforcement + Administrative Sanctions + Criminal Sanctions + Fines IDR Up to 6 Billion + Imprisonment Up to 6 Years + DPA Investigation + Damages Claims + Prohibitions

Indonesia PDP Lawful Basis (Art 16-19)

1 controls
Controls in the Indonesia PDP Lawful Basis (Art 16-19) domain of Indonesia PDP Law1 controls
CodeTitle
IDPdp-LawfulBasis-Notice-Consent-PurposeLimitation-DataMinimisation-Art16to19-ExplicitConsentIndonesia PDP Articles 16-19 + Lawful Basis + Notice + Explicit Consent + Purpose Limitation + Data Minimisation + 6 Lawful Bases + Withdrawal + Transparency

Indonesia PDP Marketing + Profiling

1 controls
Controls in the Indonesia PDP Marketing + Profiling domain of Indonesia PDP Law1 controls
CodeTitle
IDPdp-Marketing-Profiling-DirectCommunication-Art18-OptOut-PreferenceCenter-CookiesIndonesia PDP Marketing + Profiling + Direct Communication + Article 18 Marketing Consent + Opt-Out + Preference Center + Cookies + Tracking Technologies + Behavioural Advertising

Indonesia PDP Processor + Cross-Border (Art 51 + 56)

1 controls
Controls in the Indonesia PDP Processor + Cross-Border (Art 51 + 56) domain of Indonesia PDP Law1 controls
CodeTitle
IDPdp-Processor-Contracts-DPA-Vendor-Art51-Subprocessor-Audit-Confidentiality-EndOfContractIndonesia PDP Articles 47-56 + Personal Data Processor + DPA Contracts + Subprocessor Approval + Cross-Border Transfer Adequacy/BCR/Consent + Indonesian Representative

Indonesia PDP Scope + UU 27/2022

1 controls
Controls in the Indonesia PDP Scope + UU 27/2022 domain of Indonesia PDP Law1 controls
CodeTitle
IDPdp-Scope-UU27-2022-Joko-Widodo-17Oct2022-Effective-17Oct2024-MoCom-DPA-ExtraterritorialIndonesia PDP Law Scope + UU No. 27 of 2022 (UU PDP) + President Joko Widodo 17 October 2022 + 2-Year Transition + Effective 17 October 2024 + MoCom DPA + Extraterritorial Application + 76 Articles + 16 Chapters

Indonesia PDP Security + Breach (Art 39 + 46)

1 controls
Controls in the Indonesia PDP Security + Breach (Art 39 + 46) domain of Indonesia PDP Law1 controls
CodeTitle
IDPdp-Security-BreachNotification-72Hour-Art39-Art46-Encryption-Pseudonymisation-Records-IRIndonesia PDP Article 39 + Article 46 + Reasonable Security + Encryption + Pseudonymisation + Personal Data Breach Notification 3x24 Hours (72 Hours) to DPA + Data Subjects + IR Plan + Records

Indonesia PDP Sensitive + Children

1 controls
Controls in the Indonesia PDP Sensitive + Children domain of Indonesia PDP Law1 controls
CodeTitle
IDPdp-SpecificData-SensitiveData-Children-Art4-Art25-Consent-COPPA-VerifiableParentalIndonesia PDP Article 4 + Article 25 + Specific Personal Data (Sensitive) + Health + Biometric + Genetic + Crime + Financial + Child + Verifiable Parental Consent + Best Interests of Child

Indonesia PDP Training + Coord + Transition

1 controls
Controls in the Indonesia PDP Training + Coord + Transition domain of Indonesia PDP Law1 controls
CodeTitle
IDPdp-Training-Awareness-Coord-ASEAN-SingaporePDPA-APEC-CBPR-GDPR-Art70to76-MoCom-TransitionIndonesia PDP Training + Awareness + Indonesian Representative + Lembaga PDP Transition + Coordination ASEAN/Singapore PDPA/APEC CBPR/GDPR/India DPDP/Cross-Sectoral OJK/BI/BSSN

Your Compliance Coverage

If you comply with Indonesia PDP Law, you already cover:

Privacy Act 1988 (Australia)

70%

7 controls mapped

Compare →

Ley Orgánica de Protección de Datos Personales (LOPDP)

70%

7 controls mapped

Compare →

Law No. 172-13 on the Protection of Personal Data

70%

7 controls mapped

Compare →

+ 102 more: Iowa Consumer Data Protection Act (70%), APPI (70%)

See all 105 mapped frameworks ↓

Maps to 105 other frameworks

10 total controls
Privacy Act 1988 (Australia)
7 source controls mapped|6 target controls covered
70%
Ley Orgánica de Protección de Datos Personales (LOPDP)
7 source controls mapped|5 target controls covered
70%
Law No. 172-13 on the Protection of Personal Data
7 source controls mapped|4 target controls covered
70%
Iowa Consumer Data Protection Act
7 source controls mapped|7 target controls covered
70%
APPI
7 source controls mapped|11 target controls covered
70%
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
7 source controls mapped|8 target controls covered
70%
Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018)
7 source controls mapped|5 target controls covered
70%
Indiana Consumer Data Protection Act
7 source controls mapped|6 target controls covered
70%
Bahrain PDPL
7 source controls mapped|13 target controls covered
70%
ISO/IEC 27400:2022
6 source controls mapped|7 target controls covered
60%
FTC GLBA Safeguards Rule (16 CFR Part 314)
6 source controls mapped|3 target controls covered
60%
Azure Security Benchmark
6 source controls mapped|7 target controls covered
60%
Pakistan Personal Data Protection Bill 2023
5 source controls mapped|5 target controls covered
50%
BSI IT-Grundschutz
5 source controls mapped|10 target controls covered
50%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
5 source controls mapped|7 target controls covered
50%
Barbados Data Protection Act 2019
5 source controls mapped|6 target controls covered
50%
OWASP DevSecOps Maturity Model (DSOMM)
4 source controls mapped|5 target controls covered
40%
FFIEC IT Examination Handbook
4 source controls mapped|5 target controls covered
40%
APRA CPS 234
4 source controls mapped|5 target controls covered
40%
Vietnam Law on Cybersecurity (No. 24/2018/QH14)
4 source controls mapped|2 target controls covered
40%
OWASP Top 10:2025
4 source controls mapped|4 target controls covered
40%
Annex 11 to EU GMP - Computerised Systems
4 source controls mapped|3 target controls covered
40%
API 1164
4 source controls mapped|7 target controls covered
40%
ASD Strategies to Mitigate Cyber Security Incidents
4 source controls mapped|4 target controls covered
40%
NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)
4 source controls mapped|9 target controls covered
40%
IEEE 1686
4 source controls mapped|2 target controls covered
40%
IAEA Nuclear Security Series - Computer Security at Nuclear Facilities (NSS-17-T Rev 1)
4 source controls mapped|3 target controls covered
40%
ISO/IEC 27010:2015
4 source controls mapped|4 target controls covered
40%
AWS Well-Architected Security Pillar
4 source controls mapped|6 target controls covered
40%
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule
3 source controls mapped|3 target controls covered
30%
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements
3 source controls mapped|1 target controls covered
30%
TEFCA - Trusted Exchange Framework and Common Agreement
3 source controls mapped|1 target controls covered
30%
Protective Security Policy Framework (PSPF) Release 2024
3 source controls mapped|3 target controls covered
30%
Nevada Gaming Control Board Cybersecurity Requirements
3 source controls mapped|4 target controls covered
30%
NIST AI Risk Management Framework (AI RMF 1.0)
3 source controls mapped|3 target controls covered
30%
Canada ITSG-33 - IT Security Risk Management
3 source controls mapped|1 target controls covered
30%
APRA CPS 230 Operational Risk Management
3 source controls mapped|2 target controls covered
30%
FFIEC Cybersecurity Assessment Tool (CAT)
3 source controls mapped|3 target controls covered
30%
ASIS SPC.1-2009 - Organizational Resilience Standard
3 source controls mapped|2 target controls covered
30%
ISO/IEC 29147:2018
3 source controls mapped|2 target controls covered
30%
COSO Internal Control - Integrated Framework (2013)
3 source controls mapped|2 target controls covered
30%
IEEE 7000
3 source controls mapped|4 target controls covered
30%
Vermont Artificial Intelligence and Consumer Data Act (AICDA)
3 source controls mapped|3 target controls covered
30%
ISO/IEC 27011:2024
3 source controls mapped|6 target controls covered
30%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
3 source controls mapped|4 target controls covered
30%
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
3 source controls mapped|5 target controls covered
30%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
3 source controls mapped|5 target controls covered
30%
DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)
3 source controls mapped|5 target controls covered
30%
US Maritime Transportation Security Act (MTSA) and USCG Cybersecurity Requirements
2 source controls mapped|1 target controls covered
20%
Singapore Cybersecurity Act 2018
2 source controls mapped|1 target controls covered
20%
ISO/IEC 30111:2019
2 source controls mapped|2 target controls covered
20%
NIST SP 800-171
2 source controls mapped|1 target controls covered
20%
NIST Special Publication 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems
2 source controls mapped|2 target controls covered
20%
ISO/IEC 29134:2023
2 source controls mapped|3 target controls covered
20%
ISO/IEC 27014:2020
2 source controls mapped|2 target controls covered
20%
Russia Federal Law on Personal Data (152-FZ)
2 source controls mapped|2 target controls covered
20%
South Korea PIPA
2 source controls mapped|2 target controls covered
20%
Italy Personal Data Protection Code (Legislative Decree No. 196/2003, amended 2018)
2 source controls mapped|3 target controls covered
20%
Azerbaijan Law on Personal Data (2010)
2 source controls mapped|4 target controls covered
20%
Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)
2 source controls mapped|6 target controls covered
20%
GDPR
2 source controls mapped|6 target controls covered
20%
FBI CJIS Security Policy
2 source controls mapped|3 target controls covered
20%
Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014)
2 source controls mapped|4 target controls covered
20%
ICAO Annex 17 - Aviation Security (AVSEC)
2 source controls mapped|2 target controls covered
20%
IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)
2 source controls mapped|2 target controls covered
20%
Florida Digital Bill of Rights (FDBR)
2 source controls mapped|2 target controls covered
20%
OWASP ASVS
2 source controls mapped|4 target controls covered
20%
OWASP API Security Top 10 - 2023
2 source controls mapped|2 target controls covered
20%
MITRE D3FEND
2 source controls mapped|1 target controls covered
20%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
2 source controls mapped|4 target controls covered
20%
IEC 62351 - Power Systems Communication Security
2 source controls mapped|2 target controls covered
20%
Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)
2 source controls mapped|1 target controls covered
20%
Regulation on the European Health Data Space (EHDS)
1 source controls mapped|1 target controls covered
10%
FedRAMP High
1 source controls mapped|1 target controls covered
10%
NIST SP 800-53 Revision 5.1 HIGH
1 source controls mapped|1 target controls covered
10%
FedRAMP Moderate
1 source controls mapped|1 target controls covered
10%
NIST SP 800-53 Rev 5 MODERATE
1 source controls mapped|1 target controls covered
10%
NIST SP 800-53 Rev 5 LOW
1 source controls mapped|1 target controls covered
10%
UK Defence Standard 05-138 - Cyber Security for Defence Suppliers
1 source controls mapped|1 target controls covered
10%
PCAOB AS 2201 - Audit of Internal Control Over Financial Reporting (ICFR)
1 source controls mapped|2 target controls covered
10%
Law on Personal Data Protection (Official Gazette No. 42/2020)
1 source controls mapped|1 target controls covered
10%
ISO/IEC 27031:2011
1 source controls mapped|1 target controls covered
10%
AML/CTF Act 2006 (Australia)
1 source controls mapped|1 target controls covered
10%
French Sapin II Law (Law No. 2016-1691)
1 source controls mapped|2 target controls covered
10%
German Supply Chain Due Diligence Act (LkSG)
1 source controls mapped|2 target controls covered
10%
NIST Post-Quantum Cryptography Standards (FIPS 203, 204, 205)
1 source controls mapped|1 target controls covered
10%
ISO 19011
1 source controls mapped|2 target controls covered
10%
ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence
1 source controls mapped|2 target controls covered
10%
ISO 31000:2018
1 source controls mapped|2 target controls covered
10%
AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence
1 source controls mapped|1 target controls covered
10%
ISO 27005
1 source controls mapped|1 target controls covered
10%
ISO 20000-1
1 source controls mapped|1 target controls covered
10%
ISO/IEC 29115:2023 - Entity Authentication Assurance Framework
1 source controls mapped|1 target controls covered
10%
FIDO2 / WebAuthn
1 source controls mapped|1 target controls covered
10%
USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)
1 source controls mapped|2 target controls covered
10%
US Children's Online Privacy Protection Act (COPPA) and COPPA 2.0 Proposed Updates
1 source controls mapped|1 target controls covered
10%
Tennessee Information Protection Act (TIPA)
1 source controls mapped|3 target controls covered
10%
NIS2 Directive Implementing Acts
1 source controls mapped|1 target controls covered
10%
Australian Privacy Principles (APPs)
1 source controls mapped|3 target controls covered
10%
Armenia Law on Protection of Personal Data (2015)
1 source controls mapped|3 target controls covered
10%
Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019)
1 source controls mapped|1 target controls covered
10%
ISO/IEC 29100:2024
1 source controls mapped|3 target controls covered
10%
Illinois Biometric Information Privacy Act (BIPA)
1 source controls mapped|1 target controls covered
10%
ISO/IEC 38500:2024 - Governance of IT
1 source controls mapped|1 target controls covered
10%
IATA Operational Safety Audit (IOSA) Standards Manual
1 source controls mapped|1 target controls covered
10%
Compare Indonesia PDP Law with Privacy Act 1988 (Australia)

Frequently Asked Questions

What is Indonesia PDP Law?

Indonesia PDP Law is a compliance framework from Indonesia with 10 domains and 10 controls. Personal Data Protection Law of Indonesia It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Indonesia PDP Law have?

Indonesia PDP Law has 10 controls organised across 10 domains. The largest domains are Indonesia PDP Controller Obligations (Art 20-46) (1 controls), Indonesia PDP Data Subject Rights (Art 5-15) (1 controls), Indonesia PDP Enforcement + Sanctions (Art 57-73) (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Indonesia PDP Law map to?

Indonesia PDP Law maps to 105 other compliance frameworks. The top mapping partners are Privacy Act 1988 (Australia) (70% coverage), Ley Orgánica de Protección de Datos Personales (LOPDP) (70% coverage), Law No. 172-13 on the Protection of Personal Data (70% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Indonesia PDP Law compliance?

Start your Indonesia PDP Law compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Indonesia PDP Law requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 10 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.

Get Started Free →

Free forever — no credit card required