We often hear the phrase "Personal Data." What exactly is personal data? According to Article 1 of Law Number 23 of 2006 concerning Population Administration, Personal Data is specific individual data that is stored, maintained, and kept accurate, and its confidentiality is protected. This data, which constitutes true and factual information that can be used as the basis for this study, is owned or possessed by a person as an individual (the person or oneself). In fact, although the Personal Data Protection Law has not yet been established, Personal Data itself is protected and legally protected by the Electronic Information and Transactions (ITE) Law, which prohibits the act of obtaining information by any means, as stipulated in Article 30 paragraph (2) of the ITE Law No. 11 of 2008 in conjunction with Article 46 paragraph (2) of the ITE Law No. Law No. 11 of 2008 states that: "Any person who intentionally and without authority or unlawfully accesses a computer and/or Electronic System by any means for the purpose of obtaining Electronic Information and/or Electronic Documents shall be subject to a maximum imprisonment of 7 (seven) years and/or a maximum fine of Rp. 700,000,000 (seven hundred million rupiah)." It should be noted that Personal Data that must be protected according to Article 26 of Law No. 11 of 2008 concerning ITE includes:

a. Family Card Number;
b. National Identification Number (NIK);
c. Date, Month, and Year of Birth;
d. Information about physical and/or mental disabilities;
e. Mother's NIK;
f. Father's NIK;
g. Some important event notes.
This is further reinforced by the enactment of Government Regulation Number 82 of 2012 concerning the Implementation of Electronic Systems and Transactions, including the following:
a. Protection from unauthorized data use;
b. Protection by Electronic System Operators;
c. Protection from information access;
d. Protection from illegal interference.

Regarding the Impact, the absence of the PDP Law clearly results in losses. These losses are divided into two categories: Material Losses and Immaterial Losses. Material Losses are losses that are actually suffered and can be calculated based on a monetary amount. Therefore, when a material claim is granted in a judge's decision, the assessment is made objectively, for example, medical expenses, repairs, and so on. Meanwhile, Immaterial Losses, in legal terminology, are defined as "unprovable," so according to Dr. Riki Perdana Raya Waruwu, S.H., M.H. Immaterial losses are losses suffered as a result of unlawful acts that cannot be proven or recovered, and/or result in temporary loss of enjoyment of life, fear, pain, and shock that cannot be quantified in monetary terms. One of the major impacts faced by Indonesian society is personal data theft. Personal data theft generally occurs due to numerous vulnerabilities in company websites and even government websites. Indonesia ranked third in terms of accounts experiencing data breaches at the end of 2022. Because Indonesia needs special regulations, the Ministry of Communication and Informatics is being urged to immediately create specific regulations to regulate Personal Data Protection. The Personal Data Protection Bill was drafted during Minister Johny G. Plate's term. The public is also urged not to use the same password for all accounts, not to fill out personal data questionnaires carelessly and/or share personal data such as photos, ID cards, and family data, and not to download files that could potentially lead to fraud, in order to prevent and improve digital data security literacy. The enactment of the Personal Data Protection Law has successfully improved the protection of the public's Personal Data. Article 65 paragraph (1) of the Personal Data Protection Law states that every person is prohibited from unlawfully obtaining or collecting Personal Data that does not belong to them for the purpose of benefiting themselves or others, which could result in harm to the Personal Data Subject. Every person is also prohibited from disclosing Personal Data that does not belong to them, either online or offline, as regulated in Article 65 paragraph (2) of the Personal Data Protection Law.