Now that the treaty is definitely cancelled, we could say: it is better to have no agreement than a bad agreement. But in the mean time the question continues to be if it is wise to entrust privacy sensitive data to parties who have there cloud servers located in the US. What is precisely happening with that information now that there is no international treaty with clearly dictated rules. The legislative uncertainty remains large.
When selecting a cloud provider it is also still important to be aware of the owner of the datacentre. If a European datacentre has an American owner, it is formally under American supervisory legislation. Therefore, a difficult situation can be created, because every European datacentre also belongs to the GDPR. Another scenario: if a European datacentre and its American owner detach from each other, where does the data go to?
Another point which should be of interest is cloud providers from outside the European Union who offer the possibility of saving data in Europe. This can be done without additional measures, as long as there is no data-processing which happens outside the EU. However, than you need to be extra careful that there is no party outside the EU involved. Vigilance is therefore very important, also when subcontractors are hired by data processors.