Do non-EU companies need a GDPR representative? When Article 27 applies, exemptions, B2B exposure, AI triggers and how to embed it in your operating model.