As the Personal Information Protection Act passed the National Assembly in 2011, a personal information protection legislation was established that unites the public and private sectors. Although the legislative environment for personal information protection was systemized by the implementation of the Personal Information Protection Act, the Personal Information Protection Act changed once again with the bursting of personal information leakage of the three card companies. The revision of the Personal Information Protection Act prohibits the collection of sensitive personal information, such as social security numbers, in the private sector. Nevertheless, personal information leakage incidents continue to occur. In Korea, the Personal Information Protection Act is the basic law for the protection of personal information, but various laws deal with personal information, so a unified and systematic legal system should be established. The modern information society is moving toward the intelligent information society with the development of artificial intelligence. In the intelligent information society, the protection of personal information is becoming more important due to the wide use of data. The European Union has already enacted and implemented the Privacy Guidelines in 1995 with the growing importance of privacy. In 2002, the Personal Information Protection Guidelines were prepared in the area of electronic communication. Since then, privacy has been upgraded to basic rights through the European Charter of Human Rights. The European Union has implemented a GDPR that has been further embodied since 2018 and strengthened the rights of data subjects. GDPR strengthens the rights of information subjects in line with the intelligent information society, and improves efficiency through more flexible responses in the use of personal information. On the contrary, Korea s privacy protection legislation is implemented not by a single law but by plural laws, which makes it difficult to respond quickly and uniformly to personal information infringement. Therefore, a unified legal system must be established for the protection of personal information. In order to improve the system of oversight of the protection of personal information, the Commission must first become a fully independent institution and authorize equivalent international standards. The Privacy Commissioner shall establish a legal status as a central authority for the protection of personal information. In addition, the authority to supervise, investigate, and execute the supervisory authority should be granted. In addition, the rights of information subjects should be expanded to meet the new intelligent information society, and regulations should be established to specify the right to move personal information and the right for automated decision-making, and to specify the conditions of foreign relocation. In addition, through the introduction of pseudonym processing system, overall improvement is needed, such as activating the use of personal information. As the European Union implements GDPR for personal information protection in the new era of intelligent information, legislation is needed to protect personal information. The European Union has upgraded the right to privacy to basic rights through the Charter of Basic Rights. Accordingly, various measures for the protection of personal information were prospectively included in GDPR. The Personal Information Protection Act should also be improved and maintained in accordance with the intelligent information age.