Third, a controller or processor not recognized while in the EU will be subject to your GDPR if it processes the personal information of data topics within the EU Which processing is connected with the “checking” during the EU of the “behavior” of data subjects as their habits requires put https://medium.com/@cybersecurityservice/data-privacy-compliance-in-saudi-arabia-ed1d6e9bc078