The client is a small company that is a staff of four or five. They are based in the US and provide neurologic brain testing for patients usually suffering from a stroke. The tests are administered by a doctor or a health clinic. Recently, there is a clinic in Italy that plans on using their software. The number of patients, for the near future, may only be a few dozen.
I have done some research but can't find an exact answer to these questions:
1. Does the company need to have a formal EU Representative?
2. Are there companies that provide EU Representation services?
3. Does this representative need to keep the Record of Processing Activities?
4. If there is one thing that must be focused on to be GDPR compliant, what would that be?