In Chapter V of the GDPR, there is a list of approved services. If The European Commission has already declared the country, region or sector to which you are transferring the data as adequate, through one of its adequacy decisions under Article 45 GDPR, or under the previous Directive 95/46, as long as the decision is still in force, you will not need to take any further steps, other than monitoring that the adequacy decision remains valid.
The European Commission has only recognised Andorra, Argentina, Canada, the Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay as providing adequate protection so far. As most of the services we use are based in the USA, then it is likely that there is no adequacy decision, and you will need to rely on one of the transfer tools listed under Articles 46 of the GDPR. Transfer tools include binding corporate rules, codes of conduct, certification mechanisms, and ad hoc contractual clauses.
Luckily, some big service providers are committed to being GDPR compliant and you won’t be suspending use to some essential services. For example Microsoft’s products can still be used, and bigger companies will have specific data protection agreements with them. However, we still recommend talking to a GDPR expert to understand exactly what your organisation can or cannot use.