Evaluating Data Breach Notification Protocols

Data protection is one of the most important aspects of the digital economy, with its legal implications spreading wide across the digital landscapes. The failure of protecting data results in data breaches, which can threaten the interests of data owners and expose them to further risks associated with the breach. Legal compliance regarding the notification of data breach plays an important role in preventing this, necessitating a deep legal discourse and analysis. Using comparative legal research method with statutory approach, this study analyzes the norms that exist within Indonesia and South Korea’s legal system to analyze the difference in legal compliance regarding this issue. Findings of this study highlight the discrepancies in legal frameworks between Indonesia and South Korea, notably Indonesia's lack of a governing body for data breach notifications and the absence of a comprehensive approach to privacy impact assessments and cybersecurity compliance. Additionally, the study underscores the need for Indonesia to develop a normative model for data protection to address its significant regulatory gaps, contrasting with South Korea's more robust legal mechanisms and the GDPR's systematic oversight.