3rd, a controller or processor not set up while in the EU are going to be subject for the GDPR if it processes the private data of information subjects while in the EU and that processing is related to the “monitoring” while in the EU with the “habits” of information https://cheapbookmarking.com/story17607333/cyber-security-services-in-saudi-arabia