In today’s modern age, we are in the 4th industrial revolution or also known as industrial revolution 4.0, where this revolution is driven by the development of information and communication technology, physical cyber systems, and intelligent automation which is all supported by the internet of things. The use of massive technology and everything that is interconnected brings benefits toward human transactions and business activities, which now can be carried out using the internet and using personal data where they are interconnected, this also means massive changes to the payment dan business side of things, which can be done by using online applications such as Tokopedia, Lazada, Bukalapak. Ovo, Go-pay, Dana, etc. Furthermore, personal data are data which has relations with individual or private information which are confidential. The presence of personal data facilitates new occurrences or new crime methods, which in this instance is called cybercrime. The type of cybercrime that occurs related to personal data is personal data theft or personal data leak, as such is the case in e-commerce marketplace that happened a while back in Bukalapak and Tokopedia. Moreover, because such cases occur, there need to be cohesive regulation which can regulate and guarantee legal protection of personal data. In regard to this, regulations related to the legal protection of personal data in Indonesia already exist, but we do not have it comprehensively regulated law which can guarantee and protect personal data that is because as of right now the regulation are still in the form of a draft, namely RUU PDP and the regulations in regards to personal data are still fragmented in other laws such as the banking law, health law, ITE law, Administrative law, PP PMSE, etc. This is not like in European Union, in which they have a comprehensively regulated personal data law, which is called the general data protection regulation (EU-GDPR). Furthermore, in conducting this legal research, the method that will be used by the writer is, normative empirical, in which this research will compare the legal protection of personal data at the e-commerce in Indonesia and the EU-GDPR in order to analyze the differences and the implementation between both of Regulation. Which Based on the research conducted, it can be concluded that in regard to the that Indonesia’s law is still scattered and has still no clear legal meaning