3rd, A controller or processor not set up inside the EU will be matter to the GDPR if it processes the non-public data of information topics in the EU and that processing is relevant to the “checking” within the EU with the “actions” of data subjects as their conduct usually https://funny-lists.com/story18688211/cyber-security-consulting-in-saudi-arabia