3rd, a controller or processor not established in the EU might be matter for the GDPR if it procedures the private data of information subjects while in the EU and that processing is connected with the “monitoring” in the EU from the “behavior” of data topics as their conduct normally https://bookmarkize.com/story17686058/cyber-security-consulting-in-saudi-arabia