JAKARTA— Indonesia’s commitment to strengthening personal data governance was reaffirmed through the 3rd Indonesia Annual Data Protection Summit 2025, held on Wednesday, 17 December 2025, at Oakwood Premier Cozmo Jakarta. Organized by the Association of Personal Data Protection Professionals Indonesia (APPDI), the annual forum served as a strategic platform for cross-sector stakeholders to examine challenges, implementation issues, and policy directions in data protection amid rapid digital transformation.
Carrying the theme “The Business of Data Protection | Turning Compliance into Competitive Advantage,” the summit brought together regulators, legal practitioners, industry leaders, academics, and information technology professionals from Indonesia and abroad. Discussions focused on the implementation of Indonesia’s Personal Data Protection Law (PDP Law), institutional readiness across the public and private sectors, and compliance with evolving global data protection standards.
Held in a hybrid format, the event combined in-person participation with online attendance via Zoom Webinar, while also being live-streamed through the APPDI YouTube Channel. Strong audience engagement was evident throughout the day, with participants actively raising questions and contributing to discussions during every session.
Compliance as a Competitive Strategy
The summit opened with a keynote address by Dr. Ir. I.B. Putra Jandhana, President Director of PT Trimitra Cipta Selaras, titled “Enhancing Organizational Competitiveness Through Data Protection Compliance.” He emphasized that data protection should no longer be viewed solely as a regulatory obligation, but as a strategic business function that builds trust, strengthens organizational resilience, and enhances long-term competitiveness.
The Illusion of Compliance and Reputational Risk
The first speaker session was opened by Marini Sulaeman, Co-Founder and Managing Director of GND Cyber Solutions, who delivered a business perspective in her presentation, “The Illusion of Safety: When Compliance Fails and Reputation Dies.” She highlighted how compliance approaches that focus primarily on procedures and documentation can create a false sense of security, while reputational and operational risks continue to grow beyond formal compliance frameworks.
The session continued with Sarah Bakar, Regional Personal Data Specialist at Carousell Group, who presented “From Checklist to Culture.” She stressed the importance of shifting data protection from a compliance checklist into an embedded organizational culture across all business functions.
Closing the session, Rahim Jamaludin, Head of Data Privacy at Petronas Dagangan Berhad, shared a corporate perspective on how failures in data protection can undermine stakeholder trust and business sustainability, prompting active questions from both on-site and online participants.
Cross-Border Data and Global Pressures
The second session was opened by Prof. Abu Bakar Munir, Co-Founder of APPDI, with his presentation “Data Without Borders: When National Pride Meets Global Pressure.” He examined the tension between national data sovereignty and the realities of an increasingly interconnected global digital economy.
The discussion was followed by Monica Nila Sari, Head of Strategic Partnership at GND Cyber Solutions, who addressed “Data Without Borders: Balancing Sovereignty, Technology and Global Interoperability.” Both presentations sparked critical questions from attendees regarding cross-border data transfers and regulatory alignment across jurisdictions.
Cyber Risk as a Strategic Business Threat
The third session positioned cyber risk as a strategic business issue rather than a purely technical concern. Larasita opened the session by emphasizing that not all cyber threats originate from external attackers, highlighting the role of human behavior, internal processes, and governance weaknesses as hidden sources of risk.
She was followed by Kevin Oktavian, Chief Executive Officer of IFCG and Senior Consultant at Premysi, who delivered “The Breach You Didn’t See Coming,” explaining how overlooked operational and human risks can escalate into major incidents.
The session concluded with Sanjeev Gathani, CEO of BBG APAC Pte Ltd, who warned that unmanaged cyber risks can become silent business killers. The session generated lively discussion, particularly around risk mitigation strategies and organizational preparedness.
Legal and Privacy Challenges in the Age of AI
Legal implications of emerging technologies were explored in the fourth session. Prof. Dr. IBR Supancana, Co-Founder of APPDI, presented “Legal Implications on the Utilization of Artificial Intelligence Toward Personal Data Protection,” highlighting regulatory gaps, accountability challenges, and the protection of data subject rights in AI-driven systems.
The discussion was complemented by Sanjeev Gathani in “AI Privacy and the Death of Trust,” which raised concerns over data ownership and public trust in the age of machine intelligence. Audience engagement remained high, with participants questioning future regulatory approaches to AI governance.
Industry Practice and Legitimate Interest
The summit concluded with a special industry session by Metri Arrum, ID Privacy Director at Grab Indonesia, who discussed “Legitimate Interest and Its Implementation in Indonesia.” The session drew strong interest from participants seeking practical guidance on lawful data processing within large-scale digital business operations.
The event was supported by Grab Indonesia, A&Co Law Office, Karya Siber Mandiri, Schinder Law Firm, Bali International Arbitration & Mediation Center (BIAMC), and Nusantara Bisnis Konsultan Indonesia (NBK). With substantive dialogue, cross-sector participation, and sustained audience interaction, the 3rd Indonesia Annual Data Protection Summit 2025 underscored that personal data protection has evolved into a strategic national agenda, closely linked to legal certainty, digital economic competitiveness, and the protection of fundamental rights.
