The protection of bank customers' personal data has become a critical and urgent issue in the digital era, where rapid advancements in information technology have significantly increased the risk of data breaches, unauthorized access, and misuse of sensitive personal information. Banks, as custodians of vast amounts of personal and financial data, are particularly vulnerable to these risks, which can undermine customer trust and lead to substantial legal and reputational consequences. Addressing these concerns, this research delves into the regulation and implementation of personal data protection measures for bank customers in Indonesia, with a particular focus on the legal framework established by “Undang�Undang Nomor 27 Tahun 2022” concerning Personal Data Protection. This study employs a qualitative research method to explore the complexities of personal data protection within the banking sector. Data is obtained through a in-depth interviews and an extensive review of relevant legislation. The research examines the rights, obligations, and responsibilities imposed on banks under existing laws, as well as the challenges they face in ensuring compliance with data protection standards. By analyzing the provisions of “Undang-Undang Nomor 27 Tahun 2022,” this study sheds light on how the law has sought to enhance the protection of personal data by providing a more robust legal foundation. The findings reveal that the enactment of “Undang-Undang Nomor 27 Tahun 2022” marks a significant step forward in strengthening personal data protection in Indonesia. The law introduces clearer guidelines and responsibilities for data controllers, including banks, to safeguard customer data from breaches and misuse. Additionally, it establishes mechanisms for redress and accountability in cases of non-compliance, thereby promoting a higher standard of data governance. However, the study also identifies practical challenges in the implementation of the law, such as the need for greater public awareness, better coordination between regulatory agencies, and enhanced technological capabilities within banks to ensure compliance.