Data Protection Impact Assessment (DPIA) sebagai Instrumen Kunci Menjamin Kepatuhan UU PDP 2022 di Indonesia
DOI:
https://doi.org/10.62383/progres.v2i2.1821Keywords:
Data Protection Impact Assessment, Digital transformation, DPIA, Personal Data Protection Law, Privacy risk managementAbstract
The rapid digital transformation in Indonesia has intensified the need for robust personal data protection, particularly through the mechanism of the Data Protection Impact Assessment (DPIA) as stipulated in Law Number 27 of 2022 concerning Personal Data Protection (PDP Law). This study employs a normative juridical and qualitative approach to examine the role of DPIA as a key instrument in identifying, evaluating, and mitigating privacy risks in high-risk personal data processing activities. The findings reveal that although DPIA represents a significant normative advancement, its implementation faces major challenges, including the absence of detailed technical regulations, limited institutional capacity, and insufficient data subject involvement. By comparing international best practices, this research highlights the urgent need to strengthen regulatory frameworks, enhance digital and privacy literacy, and develop a collaborative ecosystem to optimize the DPIA function. Normative recommendations are formulated to reinforce DPIA as a risk management tool and a safeguard for privacy rights, aiming to foster a secure and trustworthy digital ecosystem amid ongoing digital transformation.
References
Ahyar, S. W. (2024). Metode normatif dan empiris dalam penelitian hukum: Studi eksploratif di Indonesia. Public Sphere: Jurnal Sosial Politik, Pemerintahan dan Hukum, 3(3), 146–153.
Anggraini, D. (2022). Perlindungan data pribadi dalam jurnalisme dan media. Asosiasi Media Siber Indonesia. https://cms.amsi.or.id/uploads/dokumen/5/4/54.pdf
Anggraini, D. I., & Putra, P. O. H. (2025). Data protection impact assessment framework in the banking sector in Indonesia to implement law of personal data protection. Jurnal Sistem Informasi (Journal of Information System), 21(1), 1–16.
Dashti, S., & Ranise, S. (2020). Tool-assisted risk analysis for data protection impact assessment. In M. Friedewald, M. Önen, E. Lievens, S. Krenn, & S. Fricker (Eds.), Privacy and identity management. Data for better living. AI and privacy. Privacy and identity 2019 (pp. 259–276). Springer.
Febriari, S. (2023). Deretan kasus kebocoran data pribadi di Indonesia sepanjang 2022–2023. Metro TV News. https://www.metrotvnews.com/play/NA0CXWqa-deretan-kasus-kebocoran-data-pribadi-di-indonesia-sepanjang-2022-2023
Hamdan, N. G. (2023). Perlindungan data pribadi berbasis human rights impact assessment (HRIA) di Indonesia (Studi terhadap Undang-Undang Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi) [Undergraduate thesis, Universitas Widyagama].
Handayani, R. (2023). Kebijakan prosedur penilaian dampak perlindungan data (DPIA) di organisasi. Jurnal Manajemen Informatika Jayakarta, 7(1), 45–58. https://journal.stmikjayakarta.ac.id/index.php/JMIJayakarta/article/view/1721
Kun, E. (2022). Exploring the role of data protection impact assessments in the use of facial recognition technologies: From accountability to metaregulation. Social Science Research Network. https://dx.doi.org/10.2139/ssrn.4239404
Mugiono, S. A. (2025). Between ease and vulnerability: Juridical analysis of population identity data protection in digital applications. COSMOS: Jurnal Ilmu Pendidikan, Ekonomi dan Teknologi, 4(2), 684–691.
Personal Data Protection Commission Singapore. (2022, March 3). Data protection officers. https://www.pdpc.gov.sg/Overview-of-PDPA/Data-Protection/Business-Owner/Data-Protection-Officers
Putra, T. I., Fibrianti, N., & Fakhrullah, M. R. (2024). Data protection impact assessment indicators in protecting consumer personal data on e-commerce platforms. The Indonesian Journal of International Clinical Legal Education, 6(1), 111–150.
Salsabila, S. (2025). Pertanggungjawaban hukum atas pelanggaran data pribadi dalam perspektif Undang-Undang Pelindungan Data Pribadi Indonesia. Konsensus: Jurnal Ilmu Pertahanan, Hukum dan Ilmu Komunikasi, 1(1), 145–157.
Saputra, D. F. (2023). Literasi digital untuk perlindungan data pribadi. Volume 17(3), 1–12. Universitas Pembangunan Nasional Veteran Jakarta.
Sidi, A. W. (2024). Metode normatif dan empiris dalam penelitian hukum: Studi eksploratif di Indonesia. Public Sphere: Jurnal Sosial Politik, Pemerintahan dan Hukum, 3(3), 146–153. https://doi.org/10.59818/jps.v3i3.1390
Sidi, A. W. (2025). Eksplorasi metode penelitian dengan pendekatan normatif dan empiris dalam penelitian hukum di Indonesia. Lex Jurnalica, 3(3), 66–72.
Tim Publikasi. (2023). FGD tentang data protection impact assessment (DPIA) dalam pemrosesan data biometrik. Atma Jaya. https://www.atmajaya.ac.id/id/pages/fgd-dpia-lppm
Wahyuni, W. (2023). Melihat prinsip dan dasar pemrosesan data pribadi. Hukumonline.com. https://www.hukumonline.com/berita/a/melihatprinsip-dan-dasar-pemrosesan-data-pribadi-lt64a2df2ad70ce/?page=2
Wiraguna, S. A., Purwanto, L. M. F., & Widjaja, R. R. (2024). Metode penelitian kualitatif di era transformasi digital. Arsitekta: Jurnal Arsitektur dan Kota Berkelanjutan, 6(1), 46–60. https://doi.org/10.18860/jia.v4i1.3466
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Politika Progresif : Jurnal Hukum, Politik dan Humaniora
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
