Third, A controller or processor not recognized within the EU might be subject on the GDPR if it procedures the non-public details of data subjects while in the EU and that processing is connected to the “checking” inside the EU of the “conduct” of data subjects as their actions requires https://thesocialintro.com/story3107955/cyber-security-consulting-in-usa