The European Data Protection Board draft recommendations 01/2020 on “measures that supplement international transfer tools to ensure compliance with the EU level of protection of personal data” provide useful further guidance on how to comply with the CJEU ruling in Schrems II. However, practical implementation of these recommendations will be very difficult for organizations. In this statement, the EBU urges the EDPB to adopt a more flexible and risk-based approach and outline more realistic and proportionate technical measures for companies to work with.