<![CDATA[ The development of digital transformation has increased the use of personal data in various service sectors, both public and private sectors. This condition is also accompanied by an increased risk with an increased risk of personal data leakage that can cause losses for data subjects, such as identity misuse, privacy violations, and economic losses. This study aims to analyze the normative construction of data controller responsibilities and identify gaps and unclear norms in the regulation of data controller responsibilities based on Law Number 27 of 2022 concerning Personal Data Protection. The research method used is normative legal research with a legislative approach and a conceptual approach. This research is also equipped with limited interviews with resource persons who have competence in the field of personal data protection law to strengthen the analysis. The results of the study show that the construction of the responsibility of the data controller as the party fully responsible for the processing of personal data to achieve the legally determined purpose. In addition, periodic evaluation and supervision are needed so that each data processing runs effectively and efficiently. However, there is still a gap in norms related to technical standards for data protection and clear parameters in determining the form of negligence of data controllers. This ambiguity has the potential to cause differences in interpretation in law enforcement practices and create legal uncertainty for personal data subjects.]]>
