<![CDATA[Technological developments require humans as personal data subject entities or personal data owners to submit various personal information to personal data controllers to be able to carry out certain activities. This is the impact of technological developments which are known to have no limits and space in connecting other humans with other humans by only conveying some information to themselves. This research uses normative juridical research with a statutory approach and a case approach. The leak of personal data belonging to Bank Syariah Indonesia customers in May 2023 is proof that the Personal Data Controller (Bank Syariah Indonesia) is responsible for its customers. In its implementation, the Government in this case has established Law Number 27 of 2022 on Personal Data Protection and its implementing regulations for data protection and security. However, in fact, the law or implementing regulations have not been effective enough to be implemented perfectly in resolving the problem of data leakage and still violate the privacy rights of citizens (especially BSI Bank customers). In the positive law that has been implemented (Personal Data Protection Law), the first form of implementation of legal responsibility that must be carried out by the Personal Data Controller when personal data is leaked is to provide written notification no later than 3x24 hours if there is a failure to protect personal data to the personal data subject and also agencies.]]>
