3rd, a controller or processor not proven within the EU will be matter towards the GDPR if it procedures the non-public info of knowledge subjects while in the EU and that processing is related to the “monitoring” while in the EU in the “actions” of information subjects as their habits https://mnobookmarks.com/story17606950/cyber-security-consulting-in-usa