In preparation for the Security Labels & Schrems II session that is happening on Thursday, in this session we will be executing a Threat Model exercise aimed at mapping out the multiple Threat Modeling components of the scenarios affected by "Schrems II" (Threat Actors, Data Flows, Use Cases, Security Boundaries, Vulnerabilities and Risks)
As per the Schrems II ruling, the US is no longer an adequate country for EU personal data. BCS recently did a recent webinar on the legal aspects which you can see here
So far, the ICO guidance in the UK is to map your data flows in preparation for further guidance.
See also this page at the Open Security Summit website