TL;DR: If SCCs and supplementary measures cannot protect personal data from the risk of unauthorised access, the transfer cannot proceed.

Unless you encrypt everything and keep encryption keys away from AWS, your measures are not sufficient.

Effectively, no EU resident data processing can take place on AWS.

Same with Azure and GCP.

The URL does not respect anchor to relevant section, here it is: https://wideangle.co/blog/scc-definiteve-guide#case-study-st...