Personal Data Protection Strategies in the Digital Business Era: A Normative and Empirical Juridical Analysis of the Personal Data Protection Law
DOI:
https://doi.org/10.59188/eduvest.v6i2.52311Keywords:
Personal data protection, digital business, privacy by design, digital literacy organizational governanceAbstract
The development of digital businesses in Indonesia is driving an increase in personal data-based transactions that require a strong and integrated protection system. This study aims to identify personal data protection strategies through literature analysis that includes aspects of regulation, organizational governance, technology, and digital literacy. Using a literature review approach to 20 articles from the Scopus, Google Scholar, DOAJ, and SINTA databases, this study analyzes four main stages: identification, selection, thematic analysis, and theoretical synthesis. The results of the analysis show five main themes in personal data protection, namely regulation and legal compliance, the implementation of Privacy by Design and Security by Design, organizational governance and risk management, digital literacy and human factors, as well as implementation challenges and best practices. The effectiveness of data protection is highly dependent on regulatory compliance, the implementation of Privacy by Design, public privacy awareness, and adaptive organizational governance. Regulations such as GDPR, CCPA, and the Indonesian PDP Law provide a comprehensive legal framework, but their effectiveness is determined by the ability of institutions and businesses to translate legal norms into sustainable operational practices. This study recommends strengthening synergy between public policies, industry, and society in building a sustainable data protection culture.
References
Albrecht, J. P. (2016). How the GDPR Will Change the World. European Data Protection Law Review.
Board, E. U. Data Protection. (2022). Annual Report on GDPR Implementation. Brussels: EDPB.
Budiarto, A., & Pramana, D. (2022). Data governance framework for digital business compliance. Jurnal Sistem Informasi, 18(3), 220–233.
California, Legislature. California Consumer Privacy Act (CCPA). , (2018).
Cavoukian, A. (2010). Privacy by Design: The 7 Foundational Principles. Information & Privacy Commissioner of Ontario.
Clarke, R. (2016). Standards for Privacy in a Data-Intensive World. Computer Law & Security Review.
Data, Privacy. (2024). Data Privacy Today: Pitfalls, Strategies and the Future Ahead. RSM Global Risk Advisory Insights.
Del-Real, C., de Busser, E., & van den Berg, B. (2025). A Systematic Literature Review of Security by Design and Privacy by Design Principles, Norms, and Strategies for Digital Technologies. International Review of Law, Computers & Technology.
European, Parliament. General Data Protection Regulation (GDPR). , Official Journal of the European Union § (2016).
Fitriani, R. (2023). Legal compliance and personal data protection in e-commerce. Jurnal Hukum Dan Teknologi, 5(2), 134–148.
Greenleaf, G. (2018). Global Data Privacy Laws 2017: 120 National Data Privacy Laws, Including Indonesia. Privacy Laws & Business International Report.
ISO. (2021). Information Security Management Systems — ISO/IEC 27001:2021. Geneva: International Organization for Standardization.
Kemenkominfo. (2023). Pedoman Pelaksanaan UU Perlindungan Data Pribadi. Jakarta: Kementerian Komunikasi dan Informatika.
Kitchenham, B., & Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering. EBSE Technical Report.
Kokolakis, S. (2017). Privacy Attitudes and Concerns: A Review of Privacy Research. Computers & Security.
Kuner, C. (2017). The Internet and the Global Reach of European Data Protection Law. International Data Privacy Law.
Legal Protection of Personal Data Privacy in the Digital Era: A Comparative Study between Indonesia and ASEAN Countries. (2024). Hakim: Jurnal Ilmu Hukum dan Sosial.
Nissenbaum, H. (2010). Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford University Press.
Nugraha, Y., & Sari, D. (2023). Digital economy and personal data risks in Indonesia. Jurnal Transformasi Digital, 12(1), 25–38.
O’Flaherty, K. (2020). Managing Data Breaches: Organizational Responses and Best Practices. Journal of Information Security Practice.
OECD. (2021). Digital security risk management for economic and social prosperity. Paris: OECD Publishing.
Prasetyo, M. (2024). Integrating privacy frameworks into business governance systems. Journal of Digital Law, 11(2), 99–118.
Rahardjo, T. (2021). Challenges in implementing Indonesia’s Personal Data Protection Law. Indonesian Journal of Policy Studies, 9(4), 301–320.
Research on User Privacy Protection Strategies of E-Commerce Platforms. (2024). EUrASEANs Journal on Global Socio-Economic Dynamics.
RSM Global. (2024). Data Privacy Today: Pitfalls, Strategies and the Future Ahead. RSM Risk Advisory Insights.
Santoso, I., & Wibowo, F. (2024). Security by design approach for protecting digital identity. Jurnal Teknologi Informasi, 20(1), 45–59.
Setiawan, R. (2022). Privacy paradox in Indonesia’s digital market. Journal of Cyber Policy, 7(3), 277–295.
Siregar, L. (2023). Personal data vulnerability in fintech platforms. Jurnal Keamanan Siber, 10(2), 88–104.
Snyder, H. (2019). Literature Review as a Research Method: An Overview and Guidelines. Journal of Business Research, 104, 333–339.
Solove, D. J. (2004). The Digital Person: Technology and Privacy in the Information Age. NYU Press.
Strategi Manajemen Data Privasi dalam Era Digital pada Perusahaan dan Bisnis Modern. (2024). Jurnal Ilmiah Nusantara.
Supriyadi, E. (2023). Digital literacy and privacy awareness among MSMEs. Jurnal Pendidikan Teknologi, 15(1), 70–81.
Tarumanagara, D., & Silalahi, W. (2025). Threats and Strategies for Personal Data Protection in Digital Services: A Thematic Review and Regulatory Analysis. Journal of Business, Management, and Social Studies, 5(2), 77–84.
Taufik, A., & Widodo, S. (2023). Regulatory lag and digital policy adaptation in Indonesia. Policy Review Indonesia, 4(1), 52–68.
Wright, D., & De Hert, P. (2012). Privacy Impact Assessment. Springer.
Xiao, Y., & Watson, M. (2019). Guidance on Conducting a Systematic Literature Review. Journal of Planning Education and Research, 39(1), 93–112.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Augustinus Lumban Tobing, Nanda Dwi Rizkia
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
