ABSTRACT: The rapid rise in threats to customers’ personal data—driven by the exponential growth of digital information technology—has created an urgent need for comprehensive legal safeguards within the banking sector. In Indonesia, these protections are enshrined in Law No. 4 of 2023 on the Development and Strengthening of the Financial Sector, Law No. 27 of 2022 on Personal Data Protection, and Financial Services Authority Regulation No. 44 of 2024 concerning Banking Secrecy. This thesis seeks to analyze the nature and scope of banks’ legal liabilities under the applicable statutes and to evaluate the relevance of the Personal Data Protection Law and FSA Regulation No. 44/2024 as instruments for reinforcing those safeguards. Employing a normative-juridical approach, the study relies on statutory analysis and documentary review. Findings indicate that banks are duty-bound to protect customers’ personal data through rigorous security systems and bear full responsibility for any data breaches. This duty encompasses legal, technical, and ethical obligations inherent in the bank’s role as a data controller. Consequently, strengthening protective mechanisms through collaboration among banks, regulators, and the public is imperative. The key recommendations are adopting adaptive security technologies, enhancing human-resource capacity, conducting periodic data-security audits, and educating customers about their personal-data rights.
Keywords: Customers’ Personal Data, Legal Responsibility, Banking.