This paper aims to offer two contributions to the data regulation literature. First, I build a quantitative trade model to evaluate the welfare effects from changes in data regulation. Second, based on the constructed model, I employ data from theWorld Input-Output Database (WIOD) to examine the impact of the EU General Data Protection Regulation (GDPR). In this paper, I highlight two distinct features of the GDPR, namely, regulation costs and fines as penalty. I show that an increase in regulation costs due to the GDPR hurts all trading partners of the EU in terms of real consumption, whereas the EU can benefit from imposing fines to violators if the penalty is not too strong. The magnitude of welfare effects stemming from the GDPR considerably differs across countries as well as depending on market structure and/or intermediates. The paper suggests that non-EU countries should make efforts to comply with the GDPR, but have to improve their quality of institution relating to data protection regulation in the long-run.