3rd, a controller or processor not set up in the EU will be subject matter towards the GDPR if it processes the non-public data of data topics from the EU and that processing is related to the “monitoring” within the EU from the “behavior” of knowledge subjects as their actions https://ccccertificationinsaudiarabia.blogspot.com/