3rd, a controller or processor not founded while in the EU might be topic to the GDPR if it processes the private details of data subjects during the EU and that processing is connected with the “monitoring” in the EU on the “actions” of information subjects as their habits usually https://bookmarkmoz.com/story17714463/cyber-security-services-in-saudi-arabia