Data transfers to third (or restricted) countries are a bit of a mess right now, and this has been made all the more messy by the UK trying to 'get Brexit done' by replacing EU laws and agreements with Brexity ones. After puzzling over the question of what contract UK and EU exporters should be relying on, I decided to actually put it out on a whiteboard and share it with you. I hope this helps. Also, sorry.
I recently wrote a bit for the folks at Castlebridge, discussing the Department of Commerce’s recent whitepaper of the US' privacy policies in the post-Schrems world. You can read it here: