<![CDATA[Introduction to the Problem: Data theft and leakage have severe consequences and can harm individuals, organizations, and society. Such problems also frequently occur in Indonesia massively. Purpose/Study Objectives: This study aims to analyze the efficacy of legal measures, particularly Law Number 27 of 2022, in addressing these issues and explores challenges hindering effective enforcement. Design/Methodology/Approach: This study employs a qualitative approach, specifically thematic analysis, to examine the legal landscape of personal data protection in Indonesia, utilizing Law Number 27 of 2022 as the primary document for analysis. The data was then transferred to Nvivo 12 Plus for coding, classification, and coding based on units of analysis, including theme identification and text search to find words, phrases, or text patterns. Findings: The study reveals that substantial steps, including the enactment of the Personal Data Protection law, have been taken to address data theft in Indonesia. The law establishes criminal consequences, encompassing imprisonment, fines, restitution, or a combination thereof. However, despite these measures, challenges persist, including limited law enforcement capacity, insufficient awareness of data protection, constrained inter-agency cooperation, and the swift pace of technological advancements. Furthermore, issues such as limited digital evidence, sluggish legal processes, low reporting rates, ineffective penalties, and difficulties in enforcing laws in cyberspace compound the challenges faced by law enforcement in Indonesia. Paper Type: Research Article]]>
