Within the last five years it is noted that the people of Indonesia has become more aware of their privacy on personal data since their personal data is being collected, distributed and disseminated without their prior consent both by the government and businesses and their co-ventures . These businesses tend to commit violations by using and disseminating customers' data without the consent of their respective customers. This article focuses on Indonesian legal framework on the Privacy on personal data. It is argued that although there is existing laws in the privacy on personal data, however, those legal framework still developed in very sectoral nature. It is submitted that the most suitable regulatory concept for Indonesia is a combination regulatory concept, or hybrid concept., which protect Indonesian's and foreigner parties' interests privacy on personal data. To investigate existing laws in personal data protection, this research examines both national as well as International and regional legal framework in personal data protection. Comparison between Indonesia and the practice of other ASEAN states is also conducted to determine the most suitable approaches in addressing the protection of personal data.