Enforcement Rules of the Personal Information Protection Act Article 17 states that ＂the Act shall mean the personal information processed by ways of code, anonymity, hiding parts of information or other manners so as to fail to identify such a specific person,＂ so as call the ＂Deidentification＂ issue. Since 2014, Nov 17th the Ministry of Justice has explained that ＂De-identified personal information cannot identify directly or in-directly a specified individual.＂ certification has become our standardization primary issue. Thus, we discuss EU's General Data Protection Regulation including ＂De-identification＂ mention before in ＂Personal information management system＂ certification, whose implementation follows International Organization for Standardization (ISO) standardization.