3rd, a controller or processor not set up from the EU will probably be matter to your GDPR if it procedures the non-public details of knowledge topics in the EU Which processing is associated with the “monitoring” within the EU in the “conduct” of data topics as their actions usually https://cybersecurityserviceinusa.blogspot.com/
