Technological advancements and the growing digitalization of public services have significantly increased the processing of citizens’ personal data. However, this situation also increases the risk of data leaks, as demonstrated by the leak of Taxpayer Identification Numbers (NPWP) that has affected millions of individuals since September 2024. This study examines the regulatory framework for personal data protection based on Law No. 27 of 2022, evaluates the urgency of its implementation in preventing and responding to data breaches, and analyzes the legal implications for parties that fail to protect personal data. Using a normative juridical method and a statutory approach, the findings show that Law No. 27 of 2022 provides comprehensive regulations for all stages of personal data management and imposes administrative, civil, and criminal sanctions for violations. However, law enforcement still faces challenges: low public legal awareness, weak monitoring mechanisms, limited cross-sector coordination, and the absence of precedents for imposing sanctions and of strict legal accountability mechanisms in data breach cases such as the NPWP leak. As a result, the restoration of data owners' rights has not been optimal. Therefore, strengthening institutional capacity and improving public education are crucial to ensuring effective protection of citizens' privacy in the digital age.
Copyrights © 2025