You don’t need an EU DPO, just an EU representative, according to my reading of it. (At least not under a certain size, which is what I was looking at.) They’re basically a glorified post office box. I used DataRep, which was very reasonably priced.
Read the text of the GDPR directly. It’s surprisingly readable, and there’s several well-organized hypertext versions online.
It’s been several years since I read the GDPR, but my recollection is that companies smaller than 150 people, who don’t process “sensitive” data (sexual orientation, etc.) have lighter requirements. Again, read the GDPR itself for details.
