3rd, a controller or processor not set up from the EU will probably be subject matter towards the GDPR if it processes the non-public information of information subjects from the EU Which processing is related to the “monitoring” inside the EU with the “actions” of knowledge subjects as their behavior https://bookmark-dofollow.com/story19761533/cyber-security-services-in-usa