Third, a controller or processor not founded inside the EU will be matter to the GDPR if it processes the non-public data of information topics in the EU and that processing is related to the “monitoring” while in the EU of your “behavior” of data subjects as their conduct can https://virtualcisoconsultingservicesuae.blogspot.com/