3rd, A controller or processor not proven from the EU is going to be matter for the GDPR if it procedures the private data of knowledge topics from the EU Which processing is related to the “monitoring” while in the EU on the “actions” of knowledge topics as their habits https://medium.com/@cybersecurityservice/data-privacy-compliance-in-saudi-arabia-ed1d6e9bc078