Fintech or financial technology is an alternative path in the financial sector based on information technology. Fintech as an innovation from electronic financing institutions provides many benefits, but on the other hand there are also weaknesses that are still a problem in society, namely data leakage in the fintech system which is implemented electronically. One of the companies that experienced a data leak is PT Fintech Cermati. In Indonesian regulations, preventive and repressive efforts against data leaks have been regulated in OJK Regulation (POJK) Number 77 of 2016 concerning Information Technology-Based Money Lending Services and Law No. 27 of 2022 concerning Personal Data Protection which regulates the Company's obligations in maintaining the confidentiality of its consumer data. This study aims to determine the extent of compliance and responsibility of PT Fintech Cermati for the protection of its consumers' personal data. The research method used in this study is descriptive analytical, namely against data that has been collected as completely as possible through secondary data from relevant literature sources to be discussed and explained systematically with primary data in the form of literature studies with an analytical concept approach method. The results of this study indicate that the company's obligation to comply with the provisions of Article 16 of the PDP Law in conjunction with Article 26 and Article 28 of POJK 77/2016 concerning maintaining the confidentiality of personal and company data can be held accountable in civil and criminal matters.