3rd, a controller or processor not proven during the EU will likely be matter for the GDPR if it procedures the non-public info of knowledge topics while in the EU Which processing is relevant to the “monitoring” from the EU from the “conduct” of information subjects as their conduct usually https://bookmarkingfeed.com/story17618158/cyber-security-consulting-in-usa