Can you elaborate by what do you mean with "the whole process"? If you have some internal processes that handle the data, then you can't really separate and outsource the "GDPR part" without outsourcing the whole business process that handles the data - e.g. if you ship goods, then handling of adresses can't (IMHO) be separated from the shipping, if you run a website, then the handling of all the related privacy issues can't be separated from running the website.
Furthermore, even if you outsource the whole business process that handles sensitive data, you're still the 'controller' of the data, and you still carry full responsibility for it - you can and should have legal arrangements with the processor to recoup your damages/costs if they screw up, but you're the party that's directly liable, and if the processor can't/won't pay, that's solely your problem.
You can outsource certain parts of GDPR compliance - such as handling the paperwork and managing the customer enquiries properly, but it's hard(impossible?) to separate "the whole process" from the rest of your business.
The general idea in my head is that instead of each company needing a department to handle GDPR, they outsource the department to the third party. Because of the company's size, I would assume the third party could handle more then one company at a time, lowering costs. Yes this wouldn't solve liability, but it reduces the chance there will be mistakes, like those mentioned in the article.
Yes, that's an option, we have local companies that handle private data protection issues for other companies, that was a thing already pre-GDPR with the earlier data protection legislation but it's now a larger business as the scope has increased.
What they do is somewhat similar to consulting and audit companies - they'll go over your internal processes and/or suggest standard procedures if you don't have any; they'll generally consult with the local data protection authority on particular interpretations and apply them to all their customers, etc. Creating/adapting a procedure for answering customer requests for their data (including the identity verification) would be part of the service; another common service is doing GDPR-policy training for e.g. call center employees. So a thing like that already exists; they won't take over your liability or your processes but they'll review your processes and hand-hold you through any adjustments needed.
I'm sure one of the major consulting shops like Accenture would be willing to do it (poorly, and for insane amounts of money, of course). I'm not aware of any SaaS style offerings, though.
