The rapid development of big data has significantly increased the risk of personal data breaches in Indonesia, highlighting the need for stricter regulations to safeguard personal information. Although Law No. 27 of 2022 on Personal Data Protection (UU PDP) has been enacted, its implementation still faces several challenges, including weak oversight mechanisms and low corporate compliance. This study aims to analyze the effectiveness of the UU PDP in providing legal protection for personal data in Indonesia and to compare it with the General Data Protection Regulation (GDPR) in the European Union. Using a normative legal approach and comparative legal methodology, this research examines Indonesia’s data protection regulations and contrasts them with international standards. Findings indicate that more than 60% of companies in Indonesia have not yet fully complied with the UU PDP, while cases of data breaches have increased significantly. Major incidents include the leakage of 279 million BPJS Kesehatan user records in 2021 and 91 million Tokopedia user records in 2020. Additionally, 75% of Indonesian internet users remain skeptical about the security of their data in digital transactions. Compared to the GDPR, the UU PDP still has weaknesses in terms of enforcement and sanctions. While the GDPR imposes fines of up to 4% of a company’s global revenue for violations, the UU PDP still imposes relatively low penalties. This study contributes policy recommendations aimed at strengthening the implementation of the UU PDP, including the establishment of an independent authority responsible for personal data protection and the enhancement of penalties for violators.