The European Union (EU) now seems to have its own form of the Foreign Account Tax Compliance Act (FATCA), called the General Data Protection Regulation (GDPR).
Instead of policing other countries for individuals or entities in breach of its regulations because of tax concerns, this EU directive will seek to police data mining and the storage and security of that data.
Data mining in today's world, say privacy activists, is like the Wild West: dangerously unregulated. Mobile apps, for example, can collect data without the consent of unsuspecting individuals and share that information for profit. This also occurs when one does business with businesses that share, store, and sell a person's data.
The data protection reform package, which entered into force in May 2016 and will be applicable as of May 2018, includes the General Data Protection Regulation.
The reform is an essential step to strengthening citizens' fundamental rights in the digital age and facilitating business by simplifying rules for companies in the Digital Single Market.
It focuses on setting global data protection standards; reinforcing individuals' rights; strengthening the EU internal market; ensuring stronger enforcement of the rules; and streamlining international transfers of personal data.
In setting global standards with regard to data protection, countries, individuals and other entities will have to conform to the EU's requirements, or be fined. This "net" will have an even greater effect than the US' FATCA requirement for its citizens doing business across the globe.
The changes will give people more control over their personal data and make it easier to access it. They are designed to make sure that people's personal information is protected no matter where it is sent, processed or stored – even outside the EU, as may often be the case on the internet.
The new rules address these concerns through a "right to be forgotten": when an individual no longer wants her/his data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted.
Easier access to one's data. Individuals will have more information on how their data is processed and this information should be available in a clear and understandable way. A right to data portability will make it easier for individuals to transmit personal data between service providers.
The right to know when one's data has been hacked. Companies and organisations must notify the national supervisory authority of data breaches which put individuals at risk and communicate to the data subject all high-risk breaches as soon as possible so that users can take appropriate measures.
Data protection by design and by default: 'Data protection by design' and 'Data protection by default' are now essential elements in EU data protection rules. Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm, for example on social networks or mobile apps.
Partially Sourced: European Commission - Press release