This study aims to analyze the implementation of Law Number 27 of 2022 on Personal Data Protection (PDP Law) in the management of data on the DKI Jakarta Online Tax website. The research problem focuses on data governance, protection mechanisms, access restrictions, fulfillment of data subject rights, and preparedness for incident response. The study employs a qualitative approach through in-depth interviews with officials and system and data administrators at the DKI Jakarta Regional Revenue Agency (Bapenda) and the Tangerang Regency Regional Revenue Agency. The findings indicate that Bapenda collects personal data such as National Identification Numbers (NIK), names, addresses, marital status, and other personal information for the purposes of taxpayer validation and policy formulation. Data protection measures are implemented through encryption, role-based access control, activity monitoring and logging, as well as periodic security audits. Mechanisms for taxpayer services have been established to facilitate requests for data access, rectification, and objections in accordance with the provisions of the PDP Law. In addition, Bapenda has established incident response procedures implemented by an internal Computer Security Incident Response Team (CSIRT) through processes of identification, analysis, recovery, and notification within 3×24 hours in the event of a data breach. The challenges encountered include harmonization between the PDP Law and government archival regulations, as well as the enhancement of security awareness and literacy among employees and taxpayers. This study concludes that the implementation of personal data protection on the DKI Jakarta Online Tax website has generally been effective; however, further improvements are required in data retention policies and the formal appointment of a Data Protection Officer.