Article 39 Indonesian Data Protection Law 2020
Obligation to destroy personal data
(1) The personal Data controller is obliged to destroy personal Data if:
a. have no more value;
b. has depleted its retention period and is destroyed based on the archive’s filing schedule;
c. A request from the owner of the personal Data; Or
d. Not related to the completion of the legal process of a matter.
(2) The destruction of personal Data as intended in paragraph (1) shall be done in accordance with the provisions of statutory regulations.