Abstract: The implementation of the EU’s General Data Protection Regulation (GDPR) in 2018 brought about tremendous changes in global data governance pattern. The GDPR requires that the level of personal data protection within and outside the EU must be substantially equivalent for cross-border data flow. Personal data in the aviation industry has become an important object of GDPR because of its natural global mobility. Now that the GDPR has been in effect for over five years, its substantive contradictions with the PNR Directive and related agreements have been increasingly prominent, and its compliance has also been questioned. Additionally, several cases of hefty fines show that global aviation industry is facing severe GDPR compliance challenges. However, it is not clear how China’s civil aviation industry should deal with the increasingly strict enforcement of GDPR in the future. Based on empirical evidence of the general application path of the GDPR, the EU’s extraterritorial application of the GDPR in the field of civil aviation may revolve around a framework of commitment and cooperation. In the future, while preventing the risk of being punished for violating the GDPR, China’s civil aviation industry should also enhance the extraterritorial protection of civil aviation data with the help of the GDPR, improve and promote the establishment of a multilateral framework for PNR data exchange. Furthermore, it should strengthen cooperation with the EU on the basis of seeking common ground while reserving differences, build a China-Europe data transfer channel and explore a joint cross-border data supervision and law enforcement mechanism to push forward the implementation of the China plan for global data governance.