Although a EU regulation, the GDPR applies to all companies with at least one EU customer, thus encompassing many publicly-traded U.S. firms.  This paper examines the stock market reactions to the adoption of the GDPR as it applies to U.S. firms.  As predicted, it finds a differential stock price reaction between firms more likely to be affected by the regulation, that is, firms whose businesses are business-to-consumers (B2C) and those less affected, that is business-to-business (B2B) companies.  On average, the stock price reaction to the B2C companies are higher than those found for the B2B firms.  We also predict and find that B2C firms with board members with backgrounds in IT earned higher stock returns around the adoption of the GDPR, a finding consistent with the market viewing the board of directors as an appropriate vehicle for managing cyber privacy concerns.  Finally we provide evidence that between 2015 and 2017, all U.S. publicly-traded firms, on average, increased board expertise in IT, and added a chief information officer to the firm; further, the likelihood of the board changes are inversely related to the abnormal returns earned by the firm over the adoption period.