3rd, a controller or processor not proven while in the EU will likely be topic into the GDPR if it processes the personal details of data subjects while in the EU Which processing is relevant to the “monitoring” in the EU in the “actions” of data subjects as their habits https://bookmarkquotes.com/story17748748/cybersecurity-consulting-services-in-saudi-arabia
