Comment by MrQuimico

The problem is not only the geo location of the datacenters. As long as these subsidiaries are under the control of a USA corporation, this is illegal, since the USA corporation can be requested by the USA gov to share any data they may have not matter where it's stored. Only options are a 100% GDPR compliant solution (European or from a country with similar laws) or self-host. Hopefully another Privacy Shield like agreement will be in place soon.