Third, A controller or processor not proven within the EU are going to be matter to the GDPR if it processes the non-public information of information topics within the EU and that processing is associated with the “monitoring” during the EU from the “conduct” of information topics as their actions https://virtualcisoserviceinUAE.blogspot.com/