3rd, a controller or processor not set up inside the EU will probably be subject towards the GDPR if it processes the private knowledge of knowledge subjects in the EU and that processing is connected to the “monitoring” during the EU of the “conduct” of knowledge topics as their conduct https://altbookmark.com/story19324188/cybersecurity-consulting-services-in-saudi-arabia