In the exploration of governance of cross-border transfers of personal data, the EU has gradually formed a system for the cross-border transfer of personal data, represented by the GDPR, with the values of protecting the fundamental rights of citizens, breaking down barriers to data flow internally and emphasising data sovereignty externally, and with the main features of the "adequacy determination" and "white list" system, the long-arm jurisdiction system and international cooperation, which has had a widely international impact. China has established a mechanisms for the cross-border transfer of personal data based on "data localisation", with national security as the primary guiding principle. To further integrate into digital globalisation, and drawing on the EU experience, the system of cross-border transfer of personal data in China can be further improved by appropriately enhancing the freedom of cross-border transfer of personal data, establishing a classification and gradient management mechanism for countries that transfer personal data across borders, establishing a "partial" adequacy agreement with the EU, and expanding the scope of international cooperation.