LEGAL RESPONSIBILITY UPON DATA PROTECTION TO ENSURE THE CONSUMER RIGHTS AND THE IMPLEMENTATION OF DATA PROTECTION OFFICER BASED ON PERSONAL DATA PROTECTION LAW IN CASE OF TOKOPEDIA COMPANY

Abstract

A personal data breach is a violation faced by businesses, particularly those directly tied to technology. In Indonesia, there are numerous incidents of personal data breach E-Commerce Businesses such as Tokopedia. This study attempts to assess the legal responsibilities of perpetrators of consumer data security along with the implementation of Data Protection Officer roles within companies such as Tokopedia. This is a normative legal research analysis with a statue approach and a conceptual approach. The data was gathered through library research and examined prescriptively. The study’s findings are: 1. Legal protection for clients in the event of misuse of their personal data. Protecting customers data in advance of a failure to do so might hurt customers; hence, preventative measures include legal protection that is preventative in nature. As a result of the losses suffered by customers as a result of the failure to secure the confidentiality of their personal data, repressive protection is carried out in the protection of consumer personal data by involving the role of the business and the government in providing legal protection. 2. The Data Protection Officer can provide valuable assistance to the company in conducting assessment of the potential impact on personal protection with regard to new policies. Conclusion of this topic are: 1. In the event of a Breach of Personal Data in Company, it is mandatory for the company as a company involved to inform the Data Owner related to the breach, and assume of full responsibility for mishandling related to the existing data. 2. The implementation of Tokopedia has implements a data protection officer to maintain all process in protecting personal data in accordance with the applicable PDP Law.