Third, A controller or processor not set up while in the EU are going to be subject to your GDPR if it procedures the personal information of data topics during the EU and that processing is relevant to the “checking” in the EU on the “actions” of knowledge topics as https://cybersecurityservicesinusa.blogspot.com/