Third, a controller or processor not established during the EU might be topic to your GDPR if it processes the private knowledge of knowledge subjects within the EU and that processing is related to the “checking” while in the EU of the “behavior” of data subjects as their behavior normally https://guideyoursocial.com/story3027448/cyber-security-consulting-in-saudi-arabia
