3rd, a controller or processor not recognized in the EU will be matter on the GDPR if it processes the private info of data subjects during the EU and that processing is relevant to the “checking” from the EU with the “habits” of data subjects as their actions normally takes https://bookmarkusers.com/story17512924/cyber-security-consulting-in-usa
