Global Data and Cyber Handbook

Indonesia

Select a Topic
Start Comparison
Data localization and regulation of non-personal data
Jump to
Data localization and regulation of non-personal data Start Comparison
Are there data localization/data residency or other types of laws that may require the retention and storage of data in the local jurisdiction, or prohibit the transfer of data out of the jurisdiction?

Last review date: 13 January 2025

  Data localization / data residency laws that mandate retention of personal data or a copy thereof in the local jurisdiction (include whether copies or the original data may also be stored outside of the jurisdiction):

GR 71 classifies electronic system operators into two categories, i.e., public electronic system operators (e.g., government institutions and their appointed parties) and private electronic system operators (e.g., private companies).

Only public electronic system operators must process and store personal data exclusively in Indonesia. In general, private electronic system operators can process and store personal data offshore provided that they maintain the effectiveness of legal enforcement and monitoring in Indonesia (e.g., by providing access to data if there is a valid request from government authorities or legal enforcers). However, if the private electronic system operators are bound by sectoral regulations (e.g., financial services sector), they may be required to process and store personal data in Indonesia only.

☒  Other laws that may require the retention and storage of personal data (including, for example, where such data is part of another type of record or dataset) in the local jurisdiction or otherwise prohibit the transfer or disclosure of the personal data outside of the local jurisdiction

☒  tax or financial record laws

Does law or regulation impose mandatory requirements to share or make accessible non-personal data?

Last review date: 13 January 2025

☒  Obligation for private organizations to share or make accessible non-personal health data

Under Government Regulation No. 28 of 2024 on Implementing Regulation of Law No. 17 of 2023 on Health ("GR 28"), health information system organizers are required to locate its data centers within Indonesian territory and be connected with the Indonesian national data center.

What specific obligations do these data-sharing rules impose on private organizations?

Last review date: 13 January 2025

  Obligation to standardize products or services to facilitate data portability or interoperability

GR 28 stipulates that transfers of health data and health information between health information system organizers must be carried out through the national health information system.

{{ $store.state.loadingScreen.message }} ...