We regularly discuss GDPR matters in our German company because there's a lot of FUD concerning the various cloud platforms and we have to cater to sensitive customers with our own hosting. One extreme is that you can't use AWS at all because of Schrems and it's a US compancy etc. On the other hand there's some hearsay about Microsoft (Azure) being tolerated because there's no way around it.
Imho, the "FUD" is largely right and most cloud platforms are indeed illegal.
However, due to enforcement being absent or taking ages, there are too few legal decisions and big expensive enforcement actions that one can point to. Currently everything is really still fear, uncertainty and doubt, the hammer hasn't come down yet. I'm not sure if it ever will, at least not before EU institutions or other member states such as France force Germany to stop dragging its feet.
It's a bit tedious to work in that climate of uncertainty. Every time we want to use some AWS service it prompts endless discussions.
On the other hand it made us research and use European alternatives such as Hetzner (they have a cloud too, although with less SaaS offerings), OVH or Scaleway.
