3rd, a controller or processor not established while in the EU might be matter for the GDPR if it processes the non-public data of information topics while in the EU and that processing is relevant to the “checking” within the EU with the “conduct” of knowledge topics as their conduct https://free-bookmarking.com/story17739479/cybersecurity-consulting-services-in-saudi-arabia