Conflict of Norms on the Implementation of Personal Data Protection in Insurance Companies in Indonesia

Authors

  • Lukman Ilman Nurhakim Universitas Islam Bandung, Indonesia
  • Neni Sri Imaniyati Universitas Islam Bandung, Indonesia
  • Sri Ratna Suminar Universitas Islam Bandung, Indonesia

DOI:

https://doi.org/10.54783/endlessjournal.v9i1.369

Abstract

This study examines the harmonization of personal data protection regulations within Indonesia’s insurance sector following the enactment of Law Number 27 of 2022 concerning Personal Data Protection (PDP Law). Since its promulgation on 17 October 2022, the PDP Law has established a comprehensive normative framework governing the processing and protection of personal data. Its alignment with sectoral regulations becomes imperative, particularly in light of Law Number 4 of 2023 concerning the Development and Strengthening of the Financial Sector (PPSK Law). Article 3 paragraph (2) letter (i) of the PPSK Law explicitly affirms the objective of strengthening the protection of customers’ personal data in the financial services sector, while Article 240 paragraph (1) requires financial sector business actors, including insurance companies, to comply with prevailing personal data protection laws and regulations as well as supervisory provisions issued by the Financial Services Authority. However, in practice, the PDP Law currently fulfills primarily the element of legal substance within the legal system. The structural and legal culture components remain incomplete, as the Law mandates the issuance of ten Government Regulations and one Presidential Regulation to operationalize its provisions. The absence of these implementing instruments creates normative fragmentation and limits effective enforcement within the insurance industry. Consequently, the PDP Law predominantly reflects a preventive model of legal protection, as conceptualized by Hadjon, emphasizing anticipatory safeguards and compliance mechanisms rather than repressive enforcement. This condition highlights the urgency of regulatory harmonization and institutional strengthening to ensure coherent and effective personal data protection governance in Indonesia’s insurance sector.

References

Badan Pembinaan Hukum Nasional. (n.d.). Naskah akademik Rancangan Undang-Undang Perlindungan Data Pribadi. Retrieved from: https://bphn.go.id/data/documents/na_perlindungan_data_pribadi.pdf

Bowen, G. A. (2009). Document analysis as a qualitative research method. Qualitative Research Journal, 9(2), 27–40.

Creswell, J. W., & Poth, C. N. (2018). Qualitative inquiry and research design: Choosing among five approaches. SAGE Publications.

Dewi, S. (2015). Privasi atas data pribadi: Perlindungan hukum dan bentuk pengaturan di Indonesia. Jurnal De Jure, 15(2).

Dewi, S. (2016). Konsep perlindungan hukum atas privasi dan data pribadi dikaitkan dengan penggunaan cloud computing di Indonesia. Yustisia, 5(1).

Djafar, W., & Santoso, M. J. (2016). Perlindungan data pribadi di Indonesia (Usulan pelembagaan kebijakan dari perspektif hak asasi manusia). Lembaga Studi dan Advokasi Masyarakat (ELSAM).

Efendy, A. R. M. (2024). Towards enhanced personal data protection: A novel approach to regulation and practice in Indonesia. E-Justice: Journal of Law and Technology, 1(1), 1-15.

Friedman, L. M. (1984). American law: An introduction. W.W. Norton & Company.

Hadjon, P. M. (1987). Perlindungan Hukum Bagi Rakyat Indonesia. Bina Ilmu.

Lincoln, Y. S., & Guba, E. G. (1985). Naturalistic Inquiry. SAGE Publications.

Makarim, E. (2020). Privacy and personal data protection in indonesia: the hybrid paradigm of the subjective and objective approach. In Data Protection Around the World: Privacy Laws in Action (pp. 127-164). The Hague: TMC Asser Press.

Miles, M. B., Huberman, A. M., & Saldaña, J. (2014). Qualitative data analysis: A methods sourcebook. SAGE Publications.

Patton, M. Q. (2015). Qualitative Research & Evaluation Methods. SAGE Publications.

Prasetyo, B., Handayani, I. G. A. K. R., & Sulistiyono, A. (2025). Data Protection Laws in Indonesia: Navigating Privacy in the Digital Age. Side: Scientific Development Journal, 2(1), 9-16.

Satwiko, B. S. (2021). Privacy and data protection: Indonesian legal framework. Corporate and Trade Law Review, 1(2), 98-118.

Solikhah, M. A. (2025). Personal data protection in the era of digital transformation: Challenges and solutions in the indonesian cyber law framework. Indonesian Cyber Law Review, 2(1), 39-50.

Undang-Undang Dasar Negara Republik Indonesia Tahun 1945.

Undang-Undang Republik Indonesia Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi.

Undang-Undang Republik Indonesia Nomor 4 Tahun 2023 tentang Pengembangan dan Penguatan Sektor Keuangan.

Yin, R. K. (2018). Case Study Research and Applications: Design and Methods. SAGE Publications.

Downloads

Published

09-02-2026

How to Cite

Nurhakim, L. I. ., Imaniyati, N. S. ., & Suminar, S. R. . (2026). Conflict of Norms on the Implementation of Personal Data Protection in Insurance Companies in Indonesia. ENDLESS: INTERNATIONAL JOURNAL OF FUTURE STUDIES, 9(1), 39–50. https://doi.org/10.54783/endlessjournal.v9i1.369

Issue

Vol. 9 No. 1 (2026): ENDLESS: International Journal of Future Studies

Section

Articles

License

Copyright (c) 2026 ENDLESS: INTERNATIONAL JOURNAL OF FUTURE STUDIES

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.