3rd, A controller or processor not set up while in the EU are going to be subject for the GDPR if it processes the private info of information subjects while in the EU and that processing is connected with the “monitoring” while in the EU with the “habits” of data https://fatallisto.com/story7345457/cyber-security-consulting-in-saudi-arabia