Our corporate website's server is located in a country that's considered not an “adequacy decision” country, according to GDPR.
I'm aware that GDPR allows that (under certain conditions). It's just I don't understand exactly what must be done to match those requirement. GDPR says: "In the absence of an adequacy decision, the GDPR does allow a transfer if the controller or processor has provided “appropriate safeguards”. These safeguards may include:
Standard data protection clauses: Then some legal mumbo-jumbo that means nothing to me.
Binding corporate rules “BCRs”: Then some legal mumbo-jumbo that means nothing to me.
So as a Data Protection Officer - what exactly should I do (if anything)?