As we start to see the first formal enforcement actions restricting data transfers to the United States under Schrems II, and with new E.U. standard contractual clauses (SCCs) that came into force in September 2021, companies that had been taking a wait-and-see posture to their cross-border data transfers are best advised to complete their transfer impact assessments (TIAs) and update their SCCs. These are not insignificant tasks. In this first part of a two-part series on navigating data transfers out of the E.U., we discuss some of the biggest challenges for companies, how and when companies are using binding corporate rules and offer advice on conducting TIAs from Hogan Lovells, Greenberg Traurig, Steptoe & Johnson and Ethos Privacy. Part two will cover trends and suggested approaches to SCCs and supplementary measures, and the impact of the recent Google Analytics decision. See our two-part series on personal data transfers after year zero: “Are the New SCCs a Paradigm Shift?” (Jun. 30, 2021); “A More Appealing Set of EDPB Recommendations?” (Jul. 14, 2021).