This section of the Workbook deals with issues arising from the placement of personal data under your control with 3rd parties. For example, subcontractors and software vendors where your data is held in the cloud.
No short cuts here
Without confirmation that these 3rd parties are GDPR compliant it would appear that lapses in their security arrangements then become your problem.
The last three sections of this page provide details of the sorts of terms that should be included in contracts, whether you are the Controller or Processor in the arrangement.
Resources in the support portal
You should also read the guide (step 9) set out in the “12-Steps” section of the support portal. You can also download a “Draft request to send to 3rd parties” that you can adapt (see the Templates and Downloads section of the support portal).
For me, the major issue is chasing up software vendors. Once you are confident of the terms you need to agree with 3rd parties, you will need to be persistent to secure their confirmation that contracts in place confirm GDPR compliance.