I'm not a huge fan of GDPR FWIW; in particular I think the requirement to have representatives and data protection officers is way too burdensome for smaller companies. They probably thought they'd create a cottage industry of EU representative/DPO service companies, but that's so little of a business it just feels like an invitation to set one up as a front for money laundering. I like the thought of GDPR, but the law as written is actually pretty weird IMO.