3rd, A controller or processor not proven during the EU will likely be topic to the GDPR if it processes the non-public data of information topics during the EU and that processing is related to the “checking” inside the EU with the “actions” of data subjects as their conduct normally https://tbookmark.com/story17575209/cyber-security-consulting-in-usa