OBJECTIVES: The purpose of this paper is to identify and analyze the comparison of the regulation of personal data protection supervisory authorities between Indonesia and South Korea and the design of Indonesian personal data protection supervisory authorities to fulfill the adequacy decision based on Indonesia's constitutional system

METHODOLOGY: This research uses a normative juridical approach. The normative juridical approach is legal research, which involves researching literature or secondary data as the basis for conducting research by searching for regulations and literature related to the studied problem.

RESULTS: The National Data Center under the Ministry of Communication and Information Technology assesses the privacy impact to prevent hacking by Ransomware that often happens today by avoiding errors in data processing such as no data backup.²⁵ This authority needs to be adopted in the personal data protection supervisory authority in Indonesia to ensure that there is no violation of the rights of data subjects due to the processing of personal data carried out by institutions or individuals.

CONCLUSION: The design of this personal data protection supervisory authority is expected to be in a single form under the executive and carry out its duties, authority, and functions independently, so it is necessary to reaffirm the independence of the data protection authority in the law. In addition, it is also essential to ratify the Presidential Regulation whose content is related to institutional personnel, recruitment mechanisms, and member dismissal mechanisms.