Internet integrated various kinds of data by collecting and storing all information that can be analyzed to produce what we understand as big data. However, data collection and processing are vulnerable to intervening in the privacy of the data subject. More than 100 countries already have their data protection law that mainly influenced by GDPR. Under an extraterritorial principle, GDPR is applied to any data controller, and data processors, including there, are not established in the EU. As a promising country in the digital economy, there is a possibility that the GDPR will impact Indonesia. Using normative legal research, this paper analyzes a structure of GDPR’s requirements that will be impacted to Indonesia's business and what is a legal implication occurred, including an example from existing Indonesia's business that has met such requirements. Offering the goods and services or monitoring the user's behavior is essential that the GDPR's prevail.