The EDPB has issued draft "recommendations" for organizations who are in scope of the GDPR and exchange personal data with recipients located outside Europe. The 38 pages document is put up for consultation, but the EDPB has also created a "road map" which summarizes the thinking on GDPR-compliant data transfers in a nice, visual, fashion.
Happy to see that decision flow is in line with the data transfer compliance assessment that we have developed at @Bakermckenzie. On first read the EDPB seems to confirm there is no "silver bullet", nor a "one size fits all" approach. Keen to dive into the details and who knows we will be publishing feedback in the consultation.
In need of an overview of the different steps data exporters must take to find out if they need to put in place supplementary measures to be able to transfer data outside the EEA in accordance with EU law? Look no further!
