In order to ensure a consistent and high level of protection of the rights and freedoms of natural persons with regard to the processing of such data and to remove the obstacles to flows of personal data in all Member States of the EU, the “General Data Protection Regulation (GDPR)” was adopted in 2016. Today, the GDPR is the main legislation in the EU for the protection of personal data of the natural persons. Due to the increased value of personal data in EU Member States, the objective of the GDPR is to provide high level protection of the data while harmonizing data protection within the EU. Even though it aims at a high level of data protection, it is questionable whether it actually achieves this objective. Since the natural persons provide their personal data on Internet frequently in order to purchase a product, the protection of consumers’ personal data is a significant matter in practice. In order to throw light on this matter, this thesis inquires the protection of consumers’ data in the EU regarding electronic contracts with businesses. Within the context, the main point that is discussed in this work is whether the personal data protection provided under the GDPR is sufficient to protect consumers' data regarding electronic contracts with businesses and some possible solutions and proposals to reduce the deficiencies of the GDPR protection.