Third, A controller or processor not set up inside the EU will probably be subject matter for the GDPR if it procedures the personal data of knowledge topics from the EU Which processing is relevant to the “checking” within the EU on the “habits” of data topics as their conduct https://toplistar.com/story19398589/cyber-security-services-in-usa