Article 38 Indonesian Data Protection Law 2020
Erasure of personal data
(1) The personal Data controller is required to erase personal Data if:
a. Personal data is no longer necessary for the reach of thepurpose of processing personal data;
b. The owner of the personal Data has redrawn the processing of personal Data;
c. A request from the owner of the personal Data; Or
d. Personal Data is obtained and/or processed in a manner against the law.
(2) The deletion of personal Data as intended in paragraph (1) shall be done in accordance with the provisions of statutory regulations.
(3) Personal data that has been deleted as intended in paragraph (1) may be reinstated or reclaimed in the event of a written request from the owner of the personal Data.
(4) The request as mentioned in clause (3) may be submitted in case of not passing the retention period in accordance with the provisions of the Regulation.