
It sounds nice in theory and in legal words, but in practice it's very hard to control that it works and that everyone follows this.

You can just think of how complex it is from a technical perspective to implement this. Sync all those systems, databases and vendors if a user on my website deletes his data or account. And in case one of those vendors or sub-vendors fails to delete (let's say their API responds with an error, or I had implemented it wrong, or it stopped working due to an API change), it gets hairy quite fast.




It's not simple, but also from the technical and business process perspective it's mostly a solved problem; all the international cloud B2B services know how to handle that for their customers.

I mean, that's not theory or some hypothetical proposal, that's the established practice of how handling private data has worked for more than 5 years for almost half a billion people and all the businesses in the EU; that's how (for example) Salesforce works with all the many EU companies handling data in Salesforce systems.

In general, the process for handling actual business data for all kinds of companies from manufacturing to retail is quite clear, and the only disputes we see are for the (relatively few) global online consumer service companies handling the exploitation of online customer data. If you're e.g. a flower shop (even with online ordering) or a dental clinic (even with online appointments) and you don't want to explicitly stretch the limits with some shenanigans, then you just follow the same standard practices as all other shops in your country, all while using whatever online services you need. It's very rare that some global B2B service doesn't handle GDPR compliance; all that I wrote above is what almost every cloud company will do for you, because they have done that for so many customers for years already.



