The CLOUD legislation in the United States mandates that cloud service providers give data to US authorities upon request. This also applies to American companies that process European data. A request from the authorities is sufficient, and neither an explanation nor a court order is required.
The key issue with allowing an American company to process your European personal data is the intrusive nature of the surveillance programs that the US government and intelligence agencies undertake under Section 702 of FISA (Foreign Intelligence Surveillance Act) and Executive Order 12333 (viewed as disproportionate under the GDPR).
The GDPR was created to protect European citizens' data and to give rights to data subjects at a time when data is a resource used by companies to make a profit. The core idea is to protect European citizens.