Asia / Malaysia. We have EU data in our and customers' environment. Since this GDPR originates from EU, hence - who will enforce it anyway? DPA / Supervisory Authority / Lead Authority? - but we do NOT have that in our country.
Where the extra-territorial provisions of the EU GDPR apply, the controller or processor must appoint a representative in the EU. That representative must be based in a Member State in which the relevant individuals are based. There is a limited exemption to the obligation to appoint a representative where the processing is occasional, it's unlikely to be a risk to individuals and does not involve large scale processing of sensitive personal data. So, you need to appoint such a representative. The representative will have to face off to the relevant supervisory authorities and accept liability for breach of the Regulation, which could now be substantial.