This paper examines Indonesia's Personal Data Protection Law (PDP Law) in the context of the rapidly expanding Internet of Things (IoT). It explores the effectiveness of the PDP Law in safeguarding personal data amidst increasing IoT integration in various sectors, notably smart homes and wearable technology. Inspired by the EU's General Data Protection Regulation (GDPR), the PDP Law addresses data protection with specific regard to the unique challenges posed by IoT, such as extensive data collection and heightened vulnerability to breaches. Through a comparative analysis with GDPR, the paper highlights both strengths and potential areas for improvement within the Indonesian framework, suggesting enhancements like incorporating privacy by design, establishing a robust data protection authority, and creating detailed guidelines for IoT data handling. The goal is to enhance the PDP Law's capability to manage privacy risks in an interconnected digital era, ensuring effective data protection and compliance with global standards.