Check on your ICT Service vendor from the USA
The EDPB advises you to know your transfers.
Mapping all transfers of personal data to third countries to ensure that it has an equivalent level of protection wherever it is processed.
You must also verify that the data you transfer is adequate, relevant and limited to what is necessary in relation to the purposes for which it is transferred to and processed in the third country.
A second step is to verify the transfer to the country, region or sector to which you are transferring the data is adequate according to the European Commission.
A third step is to assess if there is anything in the law or practice of the third country that may impinge on the effectiveness of the appropriate safeguards of the transfer tools you are relying on, in the context of your specific transfer.
A fourth step is to identify and adopt supplementary measures that are necessary to bring the level of protection of the data transferred up to the EU standard of essential equivalence.
Read more about this:
Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data | European Data Protection Board (europa.eu)