The European Commission is proposing a reform to the Data Protection rules. Although they've highlighted a few things in the press release, there is some wording which may be of interest if you work for an NGO that is made up of different organisations in different countries. (It applies to companies too, but as UK charities have to be autonomous, as I understand it, we may have looser links with our partners, yet share data.)
As I Am Not A Layer, I shall just quote rather than make interpretations.
"...legitimate flows of data to third countries will be made easier by reinforcing and simplifying rules on international transfers to countries not covered by an adequacy decision, in particular by streamlining and extending the use of tools such as Binding Corporate Rules, so that they can be used to cover data processors and within groups of companies , thus better reflecting the increasing number of companies involved in data processing activities, especially in cloud computing;" from the communication.
"Member States shall provide that where a controller determines the purposes, conditions and means of the processing of personal data jointly with others, the joint controllers must determine the respective responsibilities for compliance with the provisions adopted pursuant to this Directive, in particular as regards the procedures and mechanisms for exercising the rights of the data subject, by means of an arrangement between them." from the proposal.
I found out today that the US is working on a Privacy Bill of Rights and working together with the EU. Good to see.