3rd, A controller or processor not established in the EU is going to be issue towards the GDPR if it procedures the non-public knowledge of information topics in the EU and that processing is related to the “monitoring” from the EU of the “habits” of data subjects as their habits https://bookmarkinglife.com/story3086520/cyber-security-services-in-usa