<![CDATA[The globalization of economic activity has significantly increased the interaction of Indonesian Notaries with foreign clients, both individuals (Foreign Citizens) and corporations (Foreign Companies), especially in facilitating Foreign Investment (PMA). This practice inherently involves the cross-border processing and transfer of personal data. The enactment of Law Number 27 of 2022 concerning Personal Data Protection (PDP Law) transforms the legal status of Notaries, from being merely Public Officials regulated by the Notary Office Law (UUJN), to becoming Personal Data Controllers. This research uses a juridical-normative method to analyze the implications of this new status, focusing on compliance with the cross-border data transfer mechanisms regulated in Article 56 of the PDP Law. The main findings indicate a critical legal vacuum. The PDP Law mandates a hierarchical data transfer mechanism (Equivalence Decision, Adequate Protection such as Standard Contractual Clauses/SCCs, and Explicit Consent). However, as of 2025, the implementing regulations (RPP) that authorize SCCs and establish the list of equivalent countries have not been issued. This creates a paradox of normative compliance: Notaries who attempt to comply with the due diligence principle of the UUJN by verifying client data with the country of origin are technically unable to comply with the data transfer standards of the UU PDP. Notaries are forced to rely on the mechanism of explicit consent as the sole legal basis, which in practice is weak and inadequate to protect Notaries from the risk of administrative and criminal sanctions under the PDP Law in the event of data protection failure in the destination country. This article recommends the urgency of the government's approval of the RPP, the interim adoption of international SCCs, and the issuance of proactive compliance guidelines by the Indonesian Notary Association (INI).]]>
