3rd, A controller or processor not established while in the EU will be topic to your GDPR if it procedures the non-public details of data subjects inside the EU and that processing is related to the “monitoring” from the EU of the “conduct” of information topics as their habits takes https://cybersecurityconsultinginsaudiarabia.blogspot.com/