3rd, a controller or processor not established while in the EU will probably be topic into the GDPR if it processes the personal info of information subjects inside the EU and that processing is associated with the “checking” during the EU in the “habits” of knowledge subjects as their habits https://bookmarkusers.com/story17512924/cyber-security-consulting-in-usa