3rd, a controller or processor not proven in the EU is going to be subject into the GDPR if it procedures the private info of data topics in the EU Which processing is related to the “monitoring” while in the EU of the “habits” of information subjects as their actions https://sitesrow.com/story7414692/cyber-security-consulting-in-saudi-arabia