<![CDATA[The rapid advancement of information technology has brought significant challenges, one of which is the risk of personal data leakage due to cybercrime. In response to this, Law Number 27 of 2022 concerning Personal Data Protection (PDP Law) was enacted as a legal foundation that comprehensively regulates the protection of personal data in Indonesia. This law contains the main principles of personal data protection, including the rights of individuals as data owners to receive protection, the obligations of data controllers and processors to maintain information security, as well as the obligation to conduct risk assessments in processing data that has the potential for high impact. The PDP Law also explicitly prohibits the collection and dissemination of personal data without a legal basis, which could harm the data owners, with criminal sanctions including imprisonment of up to five years and fines of up to IDR 5 billion for offenders. Moreover, this law establishes a personal data protection authority tasked with supervising the implementation of the provisions and receiving and following up on public reports of alleged violations. Victims of data leakage have several legal avenues available, such as filing civil lawsuits, reporting to the Ministry of Communication and Information Technology for administrative resolution, or reporting to the police for criminal prosecution. With this regulation, the state provides strong legal protection guarantees and structured enforcement procedures to prevent and address incidents of personal data leakage resulting from cybercrime, while also encouraging increased awareness and responsibility among data managers in today’s digital era.]]>
