So the recommended steps subject to public consultation are:
1. know your transfers - by data mapping;
2. verify the transfer tool your transfer relies on (adequacy decision or SCC etc);
3. assess if there is anything in the third country that may impinge on the effectiveness of the safeguards of the transfer tools;
4. identify and adopt supplementary measures (ties in with step 3);
5. take the formal procedural steps your supplementary measures require; and
6. re-evaluate at appropriate intervals the level of protection afforded to the data transferred to third countries etc.
While I would expect steps 1 and 2 to be fairly straight forward, steps 3, 4 and 5 may potentially be quite onerous, and will require transferors to do due diligence for overseas jurisdictions to which they intend to transfer the personal data.
The formal recommendations now aim to assist controllers and processors acting as data exporters with their duty to identify and implement appropriate supplementary measures where they are needed to ensure an essentially equivalent level of protection to the data they transfer to third countries.