Personal Data Protection Law And Information Security Risk Management In Higher Education Institutions
Abstract
Technological advancements have increased the risk of personal data breaches, including within academic environments. This research analyzes the implementation of Law No. 27 of 2022 on Personal Data Protection in information security risk management within higher education institutions. The method used is Design Science Research Methodology, comprising four stages: observation, interviews, BPMN annalysis, and stakeholder evaluation. The results indicate a persistent gap between regulation and practical implementation, as well as significant risks of data breaches. A new BPMN model is proposed to enhance compliance and data security. Evaluation demonstrates that this model can support higher education institutions in complying with the PDP Law.
Downloads
Copyright (c) 2025 Bimo Satrio Trengginas

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.