3rd, A controller or processor not proven during the EU is going to be topic for the GDPR if it procedures the personal info of information subjects from the EU and that processing is connected with the “checking” during the EU in the “conduct” of information topics as their actions https://mypresspage.com/story3048259/cyber-security-consulting-in-saudi-arabia