The issue of privacy and personal data protection has often made headlines in recent years, especially in the context of social networking, consumer profiles by online advertising companies, and cloud computing. In Indonesia through the EIT Law and MoCI Regulation 20 have not been comprehensively able to answer the challenges of protecting personal data. While other countries such as Singapore and Malaysia have arranged it with the help of the Authority established to resolve national and international issues related to the protection of personal data. In this study, it was found that data protection challenges include the unclear principle of data protection in Indonesia, the terminology of personal data, sensitive personal data, and the responsibility of service providers and data users. For this reason, Indonesia requires personal data protection laws which regulate: (1) All principles and terminology relating to data protection, sensitive data, cross-border flow of personal data, crimes against personal data, big data, cloud computing, and data related to artificial intelligence. (2) All violations must be threatened with fines and criminal threats that show seriousness in preventing violations of the law against a person's personal data. (3) Establishment of a Primary Authority that handles the protection of personal data and will represent the Government of Indonesia internationally on issues related to data protection.