3rd, a controller or processor not proven in the EU might be topic to the GDPR if it processes the personal information of knowledge subjects while in the EU Which processing is relevant to the “checking” from the EU of your “habits” of data subjects as their actions takes spot https://bookmarkfavors.com/story3101495/cyber-security-consulting-in-saudi-arabia
