3rd, a controller or processor not founded during the EU might be subject matter on the GDPR if it procedures the personal information of information topics from the EU and that processing is related to the “checking” within the EU of the “conduct” of information topics as their actions requires https://topsocialplan.com/story3059207/cyber-security-services-in-saudi-arabia