Simply keeping the data in the EU won't fix anything so long as that data is still being held by US-controlled entities, as those entities will still be forced to hand over the data regardless of where it is.
NO! This isn't the case.
What each entity will have to do is separately agree contracts with the relevant data protection registrar (default contracts exist) as to how they will protect that data.
Those contracts will have "get outs" for providing data to law enforcement under warrant. What will be prevented is the wholesale transfer of data to other parties in the US. This was supposed to have been prevented anyway - the companies self-certified that they were abiding by the relevant EU data protection laws - that data would only be used for the purpose it was gathered for and, if it was passed on to any other parties, those parties would be contractually obligated to follow the same terms.
What this ruling has said is that the "safe harbour" self-certifying regime is not sufficient for data being sent to the US and companies will have to agree individual contracts (with legal and financial consequences if they then violate them).
For the big operators this isn't going to be such a big deal anyway (unless they're secretly handing everything over to the NSA when it will hurt if/when that is uncovered) but it's going to be a right royal pain for smaller companies that may, for example, export payroll data to the US head office for processing.
Furthermore, there's no problem with EU citizens exporting their data to the US - so buying things on a US website, giving name, address etc., won't be a problem UNLESS that company operates its servers in the EU. The EU data protection directive basically restricts what OTHERS can do with an individual's personal information to that which is strictly required to complete whatever process it was gathered for.