The EDPB has issued draft "recommendations" for organizations who are in scope of the GDPR and exchange personal data with recipients located outside Europe. The 38 pages document is put up for consultation, but the EDPB has also created a "road map" which summarizes the thinking on GDPR-compliant data transfers in a nice, visual, fashion.

Happy to see that decision flow is in line with the data transfer compliance assessment that we have developed at @Bakermckenzie. On first read the EDPB seems to confirm there is no "silver bullet", nor a "one size fits all" approach. Keen to dive into the details and who knows we will be publishing feedback in the consultation.