3rd, a controller or processor not set up while in the EU might be matter to the GDPR if it processes the non-public details of knowledge subjects while in the EU and that processing is relevant to the “checking” from the EU of your “conduct” of data subjects as their https://cybersecurityservicesinsaudiarabia.blogspot.com/