I'm not concerned about the security but I am concerned about the compliance of Google Suite. We use Gmail for our emails and Drive to store our documents and at the moment Google has no way of limiting our account to only using data centres in Europe. Changing to another provider is not an option. Another interesting one is an application we have that is used around the world. We have a central user database that is replicated for performance and redundancy, meaning all global users will be in a copy of the database in Europe, US and Australia. Should we stop the replication for European users to be compliant? All we're storing is full name, username, phone and email address.
It is not that the EU GDPR forbids you to send or store data outside the EEA; rather, it requires that you mention to the individuals that their data may be sent outside the EEA and the safeguards you took to make sure that the data is processed in a lawful manner.
So, you should first communicate this to your customers through your Privacy Notices.