Yes they will notice you'r app if more then 1 in 10 people start to report your app. Also the moment reports pile up you'll be under the investigation. However long before you get reported, they do a manual check, not sure if you noticed but when you upload your game version, and information regarding your new app, they are taking around 48 hrs to verify your app submission. So there are 2 ways they can check you, not to mention the smart google AI which by now i think is implemented in everything google has up and running (deep mind).
As how to make sure your following the GDPR 100% rules? read the GDPR rules here or here and also here and follow them manually. The policy and tos generators are good to give you a example form, but you can alter it in order to comply with GDPR updates google tos etc. And if you have some cash to put into the safety of your app, hire a lawyer online like rocketlawyer or something that do this stuff of things. There might be generators online that are made by lawyers themselves keeping everything up to date, based on different platforms either google or ios etc.
Google doesn't sue you cause of your TOS or Privacy worst they do is suspend your account indefinitely until you contact the support team and find a solution if there is one that can be applied. But if you get suspended is game over with them usually, they hardly give a 2nd chance to anyone.
However in most of tos/privacy violation you will get notified a few times, and they will tell you to take the app down and fix its issues. If you ignore those warnings then the above might apply.
They will sue you, if you do actual harm to their business.
In short, if you collect/sell/use any of the user data without the user knowledge and consent then you breaking the GDPR.
And when i said any of the user data, i mean anything at all, even if he uses his keyboard to type 1 letter you are not allowed to know what he typed unless he (the user) lets you (the developer/publisher) record that input, and knows you will record that input. And here also is to be mentioned :
- usernames or real full or partial names
- credit card info
- fake address or billing address or delivery address
- phone numbers
- app usage related inputs or user behavior when using the app
- pictures or emails
- opening and closing app function usage
- Other than above that user submits, or you might record