Third, a controller or processor not recognized inside the EU will likely be subject matter towards the GDPR if it processes the non-public knowledge of data subjects while in the EU Which processing is connected with the “checking” in the EU of your “behavior” of data subjects as their behavior https://cybersecurityserviceinusa.blogspot.com/2024/08/aramco-cyber-security-certificate-in.html