Indonesia implemented the Personal Data Protection Law (Law No. 27 of 2022) on October 17, 2022, to enhance data privacy in alignment with international standards, particularly the European Union’s General Data Protection Regulation (GDPR). This law stipulates principles such as limited and specific data collection, the protection of data subject rights, data destruction after retention periods, and accountable data processing, significantly affecting records management practices across organizations in Indonesia. This study aims to examine the impact of data privacy laws on records management practices and explore how organizations adjust their practices to comply with these regulations. A qualitative approach was adopted, involving data collection from records management professionals across key sectors in Indonesia, including government, finance, construction, oil and gas, media, education, and international organizations, to provide a comprehensive analysis. The study reveals that the PDP Law significantly influences records management activities, with varying degrees of impact across different organizations. Some organizations have prioritized raising awareness about personal data protection, while others have already implemented changes or are planning to do so to comply with the law. The Personal Data Protection Law mandates organizations to enhance records management by restricting access and securely storing personal data. It necessitates explicit procedures for anonymizing and disposing of personal data, thereby transforming records management into a critical tool for ensuring transparency, legal compliance, and preventing unauthorized access.