Indonesia

Currently, the laws, regulations and regulatory requirements related to personal data protection in Indonesia are as follows:

● Law No. 27 of 2022 concerning Personal Data Protection (PDP Law): This law was submitted to the Indonesian Parliament in 2020, which promulgated the law on October 17, 2022. The provisions of this law are based on the GDPR and introduce some concepts stipulated in the GDPR. (e.g., concepts of data controllers and data processors, classification of general and specific personal data). As a special regulation for the protection of personal data in Indonesia, the PDP Law has changed the fragmented situation of the country's previous personal data protection regulations and made them more systematic. According to the PDP Law, after the law takes effect, all laws and regulations related to personal data protection in Indonesia shall remain valid without violating the provisions of the PDP Law.

● Law No. 11 of 2008 regarding Electronic Information and Transactions (EIT): This law was issued in 2008, and was later amended in 2016. It establishes requirements for electronic information, records, signatures, the provision of electronic systems and electronic certifications, electronic transactions, domains, intellectual properties, privacy protection rights, etc.

● Government Regulation No.71 of 2019 (GR71/2019): This regulation was issued in October 2019, and amended Government Regulation No.82 of 2012 Concerning Electronic System and Transaction Operation. It sets requirements on electronic system operation, electronic agencies, electronic transaction operation, electronic certification operation, reliability certification institutions, domain management, etc.

● Minister of Communications & Informatics Regulation No.20 of 2016 regarding the Protection of Personal Data in an Electronic System (MOCI 20/2016): This regulation was issued in December 2016. As the implementation method of personal data protection requirements in EIT, it establishes requirements on the obtainment and collection, processing and analysis, storage, disclosure of personal data, personal data owners' rights, electronic system operators' obligations, etc.

For details about how Huawei Cloud complies with these requirements and how you can securely build cloud services that comply with these regulations, see the HUAWEI CLOUD Compliance with Indonesia Privacy Protection Regulations.

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact your account manager or Huawei Cloud.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management),TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.