3rd, a controller or processor not established while in the EU will be subject matter to the GDPR if it procedures the private info of data topics during the EU and that processing is linked to the “checking” in the EU in the “conduct” of knowledge subjects as their conduct https://thebookmarkid.com/story17749171/cyber-security-services-in-usa