3rd, a controller or processor not recognized in the EU will probably be topic on the GDPR if it processes the private knowledge of information subjects in the EU and that processing is linked to the “monitoring” inside the EU in the “conduct” of data topics as their actions usually https://mediasocially.com/story2919486/cyber-security-consulting-in-saudi-arabia