We are a media advertising company located in U.S. Our clients are pharmaceutical companies marketing in both US and EU. We do not control or process EU citizen data, but our clients do. Therefore, they need to be GDPR compliant. What steps can WE take to best consult/advise our clients on GDPR issues? Appointing a Data "privacy" officer or GDPR manager seems like overkill.
You can advise your customers on how to implement a GDPR-compliance project within their respective organizations. We have a lot of resources that you can use, including a full GDPR Toolkit (link below) and some free GDPR courses (you can also purchase an Advisera certification proving that you passed a GDPR exam). Appointing a DPO is only required in some specific cases, or when you feel you need to have better control over how personal data is processed within your organization, or if you process large quantities of special categories of personal data.