3rd, A controller or processor not set up in the EU is going to be subject matter to the GDPR if it processes the personal knowledge of knowledge topics in the EU and that processing is related to the “monitoring” from the EU on the “habits” of knowledge topics as https://onelifesocial.com/story2903958/cyber-security-services-in-saudi-arabia