There is no specific data privacy regulator in Indonesia. Multiple government agencies are involved, depending on the applicable laws and regulations. While the Ministry of Communications and Informatics has overall responsibility for data privacy, the government authority for financial institutions, including insurance companies, is the Financial Services Authority (OJK).

The main regulation is the Ministry of Communication Regulation No. 20 of 2016 on Personal Data Protection in Electronic Systems (Regulation 20), as are the provisions under Law No. 11 of 2008 on Electronic Information and Transactions (EIT Law) and its implementing regulation, that is, Government Regulation No. 82 of 2012 on the Implementation of Electronic Systems and Transactions (GR 82).

For insurance companies the regulations issued by the OJK are OJK Circular Letter No 14/SEOJK.07/2014 on Confidentiality and Security of Consumers' Private Information and/or Data (Circular 14), OJK Regulation No 69/SEOJK.05/2016 on Business Implementation of
Insurance Companies (Regulation 69) and the Financial Services Authority Regulation No. 1/Pojk.07/2013 on Protection for Financial Sector Consumers (Consumer Protection Regulation).