3rd, a controller or processor not established while in the EU will likely be subject for the GDPR if it procedures the private knowledge of data topics during the EU and that processing is connected to the “checking” inside the EU of the “behavior” of knowledge topics as their actions https://esocialmall.com/story2968355/cyber-security-services-in-saudi-arabia