<![CDATA[The advancement of information technology has accelerated the digitalization of data across various sectors, including government institutions. However, this digital transformation also increases the risk of violations against citizens' privacy rights, particularly through personal data breaches. The data breach incident involving the Temporary National Data Center (PDNs) in 2023 serves as a real example of the state's weak data governance, which directly impacts the legal protection of affected individuals. This research aims to analyze the urgency of legal regulation for victims of data breaches from the perspective of Law Number 27 of 2022 concerning Personal Data Protection (PDP Law), as well as to elaborate on the legal consequences of such violations. This study employs a normative juridical method with a statutory and case approach. The findings reveal that although the PDP Law regulates the rights of data subjects—including the right to information, breach notification, and compensation—the implementation in the PDNs case remains inadequate. The government, as a data controller, failed to transparently notify victims and has not provided sufficient legal remedies. Furthermore, the absence of the Personal Data Protection Authority (PDPA) has resulted in a lack of supervision and enforcement. The legal consequences for violations by state institutions are ineffective, despite the PDP Law providing for administrative, civil, and even criminal sanctions. Keywords: Personal Data Protection. PDNs. PDP Law.]]>
Copyrights © 2025
