Cross-border data transfers post-Schrems II: SCCs with technical supplements

Our legal team is updating data processing agreements for US-based subprocessors. The new SCCs are in place, but the transfer impact assessments (TIAs) require technical supplementary measures. Jurisdiction: EU, DE Are you standardizing on encryption-in-transit with customer-held keys, or are you going further with tokenization before data leaves the EU? Looking for patterns that have actually satisfied a DPA during an inquiry — not just theoretical compliance.