The main objective of this thesis is to understand the legal framework and the difference between old European Union (EU) Data Protection Directives and new EU Data Protection Regulation as well as their implications on IoT based industries. A substantial amount of literature study has been done to provide a background of EU Data Protection Directives. Following that, some new Regulations has discussed. Another aim of this thesis was to identify the implications of new Data Protection Regulations. With this purpose, the research was channelized towards two legal frameworks. Research work about the regulations, the information about the various IoT industries holding personal data, their methodologies and implications of the legal framework were carried out. As a final point, the author wants IoT based industries to reconsider their aim of launching new products and focus more on complying new Data Protection Regulations enforced by the European Commission (EC) and perform the necessary amendments before the deadline. Consequently, the thesis proposed some recommendations for compliance and with an aim of avoiding huge fines enforced by the EU. Keywords: Internet of Things, General Data Protection Regulations, European Union, Personal Data