The general idea in my head is that instead of each company needing a department to handle GDPR, they outsource the department to the third party. Because of the company's size, I would assume the third party could handle more then one company at a time, lowering costs. Yes this wouldn't solve liability, but it reduces the chance there will be mistakes, like those mentioned in the article.
Yes, that's an option, we have local companies that handle private data protection issues for other companies, that was a thing already pre-GDPR with the earlier data protection legislation but it's now a larger business as the scope has increased.
What they do is somewhat similar to consulting and audit companies - they'll go over your internal processes and/or suggest standard procedures if you don't have any; they'll generally consult with the local data protection authority on particular interpretations and apply them to all their customers, etc. Creating/adapting a procedure for answering customer requests for their data (including the identity verification) would be part of the service; another common service is doing GDPR-policy training for e.g. call center employees. So a thing like that already exists; they won't take over your liability or your processes but they'll review your processes and hand-hold you through any adjustments needed.
