Third, a controller or processor not set up from the EU will likely be matter for the GDPR if it processes the non-public knowledge of data subjects within the EU and that processing is relevant to the “checking” during the EU with the “habits” of knowledge topics as their habits https://opensocialfactory.com/story17310517/cyber-security-consulting-in-usa