My bigger worry would be continued data access. So even if the data is in Germany, access to it is still controlled by an US entity, which can be forced by the US government to shut off access. Given that the current administration seems to enact embargos on a whim, this doesn't seem too unlikely.
In my limited experience, Germans are more sensitive to personal privacy than other Europeans, even the rest of the world. To non-Germans they might seem paranoid. Maybe we can all learn from their historical mistake.
The problem I see with the DIY-attitude is that security is easy to get wrong and is moving target. The other opinion here is "keep it in the country". If someone really wants your data, the locale won't save you. And yet, if there is a breach, I could see an foreign company like AWS trying to hush it, where a German company would make a bigger fuss (diplomatic issue).
