Third, A controller or processor not proven inside the EU will be subject matter towards the GDPR if it processes the non-public information of information topics in the EU and that processing is relevant to the “monitoring” inside the EU of your “behavior” of data subjects as their habits usually https://thefairlist.com/story7619699/cyber-security-consulting-in-usa