3rd, a controller or processor not established from the EU is going to be matter to the GDPR if it processes the non-public info of knowledge subjects during the EU and that processing is relevant to the “checking” inside the EU with the “behavior” of data subjects as their habits https://cyber-security-consulting-in-usa.mystrikingly.com/