Third, a controller or processor not established within the EU will likely be topic to your GDPR if it processes the non-public knowledge of information topics inside the EU and that processing is related to the “monitoring” during the EU in the “actions” of information topics as their actions takes https://virtualcisoserviceinsaudiarabia.blogspot.com/