In 2016, the European Commission recognized the Privacy Shield as a mechanism for an adequate level of protection for the transfer of personal data from the European Union. Yet, the Schrems II decision invalidated the Privacy Shield. A recent decision by the European Data Protection Board offers six steps to follow when transferring personal data outside of the EAA.