GDPR Article 27 guide for non-EU businesses — when an EU representative is required, exemptions, operational readiness and embedding it in your privacy model.