The EU General Data Protection Regulation(GDPR) is a new personal information protection framework of the European Union(EU) and is a rule concerning the processing and relocation of personal data. GDPR has been enacted in April 2016 as a regulation that directly affects EU member states, and has been in effect since May 25, 2018. Where Korean companies deal with EU resident personal information while providing products and services directly to EU residents, will also be subject to GDPR (GDPR Article 3 Extraterritorial Application ). In principle, GDPR prohibits the transfer of personal information from companies in the EU region to third countries outside the EU (Article 44 “Information Transfer in GDPR). There is also provision in GDPR that regulations are not handled by Korea s Personal Information Protection Act or regulation is enhanced by Korea s Personal Information Protection Act. Regarding the limitation of data transfer in the current GDPR, a considerable number of Korean companies respond by standard contract clause or individual agreement. The Korean government needs to settle a dialogue with the European Commission to recognize adequacy. As a Korean company dealing with the EU in a state that adequacy has not yet been admitted, means for conformity with the EU Personal Information Protection Act, namely Standard Contractual Clauses (SCC) or binding company regulations (Binding Corporate Rule: BCR) or from the person himself / herself agreeing on data transfer, adequacy is recognized and information must be transferred. Also, in response to requests from JEITA, etc. in GDPR, “Certification system has been added as one measure of “data transfer to third country by appropriate safety control measures . This opens the way for cross-border information transfer using the third-party certification system prevalent in our country. In the event that long-term assessment of adequacy is required for Korea as a whole (or for the private sector as a whole), in the next best practice, companies that have obtained certification based on certain requirements in Korea will be able to receive data transfer unconditional from the EU.