Third, a controller or processor not established from the EU might be issue for the GDPR if it processes the private data of data topics while in the EU and that processing is related to the “monitoring” while in the EU in the “behavior” of data topics as their habits https://bookmarkgenious.com/story17809373/cyber-security-consulting-in-saudi-arabia