Third, a controller or processor not set up inside the EU will probably be topic to your GDPR if it processes the non-public data of knowledge subjects while in the EU Which processing is related to the “monitoring” inside the EU with the “actions” of information subjects as their conduct https://blockchainconsultingservicesusa.blogspot.com/