Yes, you Content and PII is encrypted at rest on Google Cloud databases using KEK. Industry standard, FIPS compliant encryption is used (AES 256).
The Google Cloud Platform encrypts customer data stored at rest by default. Data in Google Cloud Platform is broken into subfile chunks for storage, and each chunk is encrypted at the storage level with an individual encryption key. The key used to encrypt the data in a chunk is called a data encryption key (DEK). Because of the high volume of keys at Google, and the need for low latency and high availability, these keys are stored near the data that they encrypt. The DEKs are encrypted with (or “wrapped” by) a key encryption key (KEK).
For more information see https://cloud.google.com/docs/security/encryption/default-encryption