Implementation of Personal Data Protection on Online Tax Websites DKI Jakarta

Authors

  • Indra Nurmansyah Faculty of Law, Universitas Esa Unggul, Jakarta, Indonesia
  • Luthy Yustika Faculty of Law, Universitas Esa Unggul, Jakarta, Indonesia

DOI:

https://doi.org/10.51601/ijse.v6i1.435

Abstract

This study aims to analyze the implementation of Law Number 27 of 2022 on Personal Data Protection (PDP Law) in the management of data on the DKI Jakarta Online Tax website. The research problem focuses on data governance, protection mechanisms, access restrictions, fulfillment of data subject rights, and preparedness for incident response. The study employs a qualitative approach through in-depth interviews with officials and system and data administrators at the DKI Jakarta Regional Revenue Agency (Bapenda) and the Tangerang Regency Regional Revenue Agency. The findings indicate that Bapenda collects personal data such as National Identification Numbers (NIK), names, addresses, marital status, and other personal information for the purposes of taxpayer validation and policy formulation. Data protection measures are implemented through encryption, role-based access control, activity monitoring and logging, as well as periodic security audits. Mechanisms for taxpayer services have been established to facilitate requests for data access, rectification, and objections in accordance with the provisions of the PDP Law. In addition, Bapenda has established incident response procedures implemented by an internal Computer Security Incident Response Team (CSIRT) through processes of identification, analysis, recovery, and notification within 3×24 hours in the event of a data breach. The challenges encountered include harmonization between the PDP Law and government archival regulations, as well as the enhancement of security awareness and literacy among employees and taxpayers. This study concludes that the implementation of personal data protection on the DKI Jakarta Online Tax website has generally been effective; However, further improvements are required in data retention policies and the formal appointment of a Data Protection Officer.

Downloads

Download data is not yet available.

References

[1] Anggen Suari, KR, & Sarjana, IM (2023). Maintaining privacy in the digital era: Personal data protection in Indonesia. Journal of Legal Analysis, 6(1), 132–142. https://doi.org/10.38043/jah.v6i1.4484

[2] Cahyani, WD, & Marianata, A. (2024). Analysis of personal data protection policies in Bengkulu City: Study of the implementation of the PDP Law in the digital era. Journal of Law and Public Policy Studies, 2(1), 623–626. https://jurnal.kopusindo.com/index.php/jkhkp/article/view/473

[3] Gunardi. (2022). Legal research methods. Damera Press.

[4] Hapsari, NW, & Wirjatmi TL, HTGE (2023). Optimization of monitoring and evaluation activities in the regional research. Journal of Applied Media Administration (JMAT), 4(1), 19–25.

[5] Joshua, I., & Chandra, DW (2024). Analysis of logging and auditing of SQL database access via remote connections using AnyDesk. JATI (Journal of Informatics Engineering Students), 7(6), 3180–3186. https://doi.org/10.36040/jati.v7i6.8072

[6] Mariyam, YS (2024). E-government in public services. CV Azka Pustaka.

[7] Martien, D. (2023). Legal protection of personal data. Mitra Ilmu.

[8] Muhaimin. (2020). Legal research methods. Mataram University Press.

[9] Pradana, MAE, & Saragih, H. (2024). The principle of accountability in the Personal Data Protection Act against GDPR and its legal consequences. Journal of Social Science Research, 4(4), 3412–3425.

[10] R., SA, Sadi, M., Rani, FH, & Arda, DJ (2024). Legal protection. CV Doki Course and Training.

[11] Setiawan, IKO, & Samosir, T. (2023). Legal research methodology. Reka Cipta Publisher.

[12] Sijabat, FM, & Widjaja, G. (2025). Cybersecurity and data protection in digital taxation system. Sibatik Journal, 4(4), 325–334. https://publish.ojs-indonesia.com/index.php/SIBATIK

[13] Silalahi, JAS, Purba, YY, & Nasution, MF (2025). A legal analysis of personal data protection mechanisms in electronic information systems based on a criminal law perspective in Indonesia. Jurnal Minfo Polgan, 14(1), 604–613. https://doi.org/10.33395/jmp.v14i1.14810

[14] Syailendra Putra, MR, Purwanti, PA, & Istisofani, AS (2024). Data security analysis in legal telematics: Between privacy and transparency. Journal of Legal Accounting and Education, 1(2), 633–642. https://doi.org/10.57235/jahe.v1i2.3875

[15] Wahyudi, I., Yunus, S., Lutfi, M., Musdayati, & Jaya, AH (2024). Journal of Politics and Regional Government, 6(1), 177–188.

[16] Widiarti, WS (2024). Legal research methods. Global Medika Publication.

[17] Wiraguna, SA, & Barthos, M. (2025). Privacy law & personal data protection in Indonesia. Widina Media Utama.

Downloads

Published

2026-03-01

How to Cite

Nurmansyah, I., & Yustika, L. (2026). Implementation of Personal Data Protection on Online Tax Websites DKI Jakarta. International Journal of Science and Environment (IJSE), 6(1), 1044–1052. https://doi.org/10.51601/ijse.v6i1.435

Issue

Vol. 6 No. 1 (2026): February 2026

Section

Articles

License

Copyright (c) 2026 Indra Nurmansyah, Luthy Yustika

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.