The problem of cyber security and personal data in Indonesia is one of the problems that cannot be underestimated. The National Cyber Security Index (NCSI) report noted that Indonesia's cybersecurity index score was 38.96 points out of 100 in 2022. This figure places Indonesia in the 3rd lowest rank among G20 countries. Globally, Indonesia ranked 83rd out of 160 countries on the report. According to Andi Fadillah Fujiama Diapoldo Silalahi , Rahmadi Islam, Singgi, and Heizkel Bram Setiawan and Fatma Ulfatun Najicha. That Cyber security is an effort to ensure the achievement and maintenance of the security nature of the organization and user assets against Legal Certainty. With this fairly limited explanation and does not cover the scope of cyber security actors, this study is here to offer the urgency of cyber security actors in being responsible and maintaining the security of a company's personal data by linking it with the PDP Law which is still relatively new. The legal issues raised in this legal research are: Responsibility of cyber security actors for leakage of personal data in a company and What is the form of legal protection in Indonesia in maintaining personal data security. The research method uses a socio-legal approach to IT and legal identification. The results of this study show that cyber security actors in a company can be held accountable in accordance with Article 30 of the PDP Law and are responsible for personal data leakage and managing personal data of users within the company. a form of legal protection for individuals in safeguarding personal data is in the form of legal products of Law Number 27 of 2022 (PDP Law