Digital innovation offers myriad advantages to companies but also entails risks necessitating mitigation. To safeguard against adverse impacts on both the company and its consumers, adherence to legal obligations is imperative. Privacy and security risks pose potential economic, ethical, or legal ramifications for consumers and companies alike. The duty to safeguard personal data is shared between governmental bodies and companies, with the latter assuming primary responsibility as service providers. Ethical business conduct entails the protection of user data and transparent disclosure of data usage to users. Companies also need to consider human, technological, and environmental aspects before developing new technologies. Therefore, awareness from companies is needed to fulfill their digital social responsibility. The latest regulation is Law Number 27 of 2022 concerning Personal Data Protection. Personal data protection is one of the main focuses of Corporate Digital Responsibility (CDR) or Corporate Digital Responsibility. The CDR concept is an evolution of Corporate Social Responsibility adapted to the digital era. In CDR, companies are expected to adopt practices that consider digital culture. It can be an effective strategy to integrate business and government interests in efforts to protect digital users.