This article discusses the harmonisation of criminal liability and civil damages in cases of data breaches in Indonesia as an effort to strengthen victim protection in the digital age. Breaches of personal data cause losses that are not only material but also immaterial, thus requiring a legal approach that goes beyond merely punishing the perpetrators to also restoring the victims’ rights. This study demonstrates that Law No. 27 of 2022 on Personal Data Protection has provided a normative basis for the enforcement of criminal penalties and civil compensation; however, its implementation still faces challenges regarding the burden of proof, compensation mechanisms, and the integration of criminal and civil proceedings. Therefore, harmonisation of regulations and law enforcement is required to ensure that victim protection becomes more effective, fair, and responsive to developments in digital crime.
Copyrights © 2026