Personal data protection has become an urgent legal issue in the digital era, especially with the increasing risks of data misuse. This study aims to analyze and compare the legal frameworks of Indonesia's Personal Data Protection Law No. 27 of 2022 and the United Kingdom's Data Protection Act 2018 in protecting the rights of data subjects. Using a normative juridical method with a comparative legal approach, this study examines key principles, enforcement mechanisms, and institutional structures in both legal systems. The research finds that while both laws emphasize individual data rights and accountability, the UK has a more established institutional framework (ICO) compared to Indonesia, which still lacks an independent supervisory authority. The novelty of this research lies in offering bilateral legal harmonization insights and adaptation strategies for Indonesia to meet international standards like GDPR while maintaining cultural and institutional relevance. The study concludes that Indonesia must strengthen its legal institutions and adopt a phased approach to regulatory convergence through establishing an independent data protection authority, capacity building, public legal awareness programs, and regional cooperation frameworks. It recommends a gradual harmonization roadmap starting from ASEAN PDP Framework implementation to eventual GDPR-style reforms to improve data protection effectiveness in the digital age.