A bit of a muddle?
"The guidance also allows for data sharing with encryption only if the "keys are retained solely under the control of the data exporter"
[1] if the keys are only retained by the exporter, how will the importer make use of the data?
[2] There seems to be some confusion between sharing and transfers here. Exporter and importer are parties to transfers, the legality of which depends on such things as being within the EEA, binding corporate rules, standard contractual terms or adequacy decisions, all of which are regulatory or statutory. The legality of sharing depends on sharing agreements which are merely contractual between the parties concerned.