Third, a controller or processor not proven in the EU might be issue towards the GDPR if it procedures the non-public details of knowledge topics inside the EU Which processing is relevant to the “monitoring” within the EU on the “conduct” of knowledge topics as their behavior normally takes put https://sites.google.com/view/gdpr-compliance-in-usa/data-privacy-compliance-in-saudi-arabia