Third, A controller or processor not set up while in the EU will likely be subject to the GDPR if it processes the personal data of knowledge topics from the EU and that processing is related to the “monitoring” within the EU on the “behavior” of data topics as their https://aramcocybersecuritysaudiarabia.blogspot.com/