3rd, A controller or processor not set up during the EU is going to be subject matter towards the GDPR if it processes the private facts of data topics while in the EU and that processing is associated with the “checking” in the EU from the “conduct” of knowledge topics https://bookmarkextent.com/story19195681/cyber-security-services-in-usa