Third, a controller or processor not established in the EU is going to be subject matter to the GDPR if it processes the private knowledge of data subjects within the EU Which processing is connected to the “monitoring” from the EU of the “habits” of information subjects as their behavior https://bookmarksoflife.com/story3137800/cyber-security-services-in-saudi-arabia