The rapid digitalization of the financial services sector has improved efficiency, but it has also increased the risk of personal data breaches, which may result in financial losses, including the emergence of fake debtors. This study aims to analyze the scope of the legal liability of corporations acting as Personal Data Controllers in cases of personal data breaches and to identify obstacles in supervising personal data protection. This research employs a normative juridical method using secondary legal materials, supported by empirical data obtained through interviews. Data were analyzed using qualitative normative analysis. The findings indicate that corporate entities remain legally liable under Articles 67 and 70 of Law Number 27 of 2022 concerning Personal Data Protection, even when violations are committed by internal personnel. Such liability is based on the principles of vicarious liability and strict liability, requiring corporations to ensure data security through effective supervision and risk management systems. However, the implementation of personal data protection faces significant challenges, including a weak compliance culture, low employee awareness, limited technological monitoring, and inconsistent internal policies. Therefore, strengthening data governance through technological enhancement, mandatory employee training, and consistent regulatory supervision is essential to ensure legal certainty and the protection of consumer privacy rights in the financial services sector.
Copyrights © 2026