3rd, A controller or processor not recognized from the EU might be topic towards the GDPR if it procedures the private info of data topics from the EU and that processing is relevant to the “checking” within the EU of your “conduct” of data subjects as their behavior takes spot https://bookmarklayer.com/story17685750/cyber-security-services-in-usa