The Ministry of Communication and Digital Application (Komdigi) is set to launch Indonesia's long-awaited Personal Data Protection (PDP) Authority by August 2025 as the regulatory process is currently in the harmonization phase, with officials reviewing more than 200 articles in the Personal Data Protection Law (UU PDP).

“There are more than 200 articles in the PDP Law. Each of these must be carefully reviewed, and we hope to finalize this process by August at the latest,” Deputy Minister of Communication and Digital Application, Nezar Patria, told reporters on Monday, July 28, 2025.

The establishment of the PDP Authority is deemed essential to ensure lawful and secure handling of personal data, especially in the context of cross-border data transfers, such as the recently proposed transfer of Indonesian citizens’ data to the United States. Without a dedicated oversight body, such transfers risk violating domestic data protection regulations.

Although the PDP Law was enacted in October 2022, the supervisory body mandated under the law has yet to be formed. According to Article 58, Paragraph 2, the authority must be established no later than two years after the law comes into effect.

Once established, the PDP Authority will be tasked with setting policies and strategies for personal data protection, monitoring compliance, enforcing administrative penalties for violations, and facilitating non-judicial dispute resolution.

Its legal mandate also grants it wide-ranging powers, namely:

1. Formulate and enforce data protection policies;

2. Oversee compliance by data controllers and processors;

3. Impose administrative sanctions on violators;

4. Assist law enforcement in cases involving personal data crimes;

5. Cooperate with foreign data protection bodies on cross-border cases;

6. Evaluate and approve cross-border data transfers;

7. Conduct audits and inspections of electronic systems used by data handlers;

8. Summon individuals or organizations for investigations;

9. Demand access to relevant documents and systems;

10. Publish findings from its supervisory activities; and

Request legal support from the Attorney General’s Office in resolving data disputes.

The urgency to finalize the PDP Authority has resurfaced following a bilateral agreement that would allow Indonesian citizen data to be transferred to the United States. The agreement emerged as part of a broader negotiation package under the Donald Trump administration aimed at reducing tariffs on Indonesian exports.

The upcoming establishment of the PDP Authority is expected to strengthen Indonesia’s data governance framework, while ensuring citizen data remains protected both domestically and abroad.