This policy brief examines two governance frameworks related to personal data protection: the EU General Data Protection Regulation (GDPR) and the APEC Cross Border Privacy Rules (CBPR) system. It starts by situating the GDPR in context and explaining its most important features, followed by a brief analysis of how the CBPR system fits in the current global privacy landscape. Next, it takes a comparative look at the privacy regimes of the GDPR, CBPR and OECD. Implications of the GDPR for companies in the APEC region are also discussed.