Companies established outside the EU are required to appoint an EU representative according to Art 27 GDPR in the EU if they:
offer goods and services to individuals in the EU (e.g. providing a website in an EU language, offering payments in EUR) or
monitor their behaviour (e.g. cookie profiling).
According to the Guideline 3/2018 of the European Data Protection Board (EDPB) on the territorial scope of GDPR this applies on controllers and processors as well. For processors not established in the Union the applicability of GDPR depends on what the “processing activities” are “related to”. If the data processing conducted for the controller is "related" to the offering of goods and services or the monitoring of behaviour, the GDPR applies to the processor in addition to the controller.