Third, a controller or processor not proven inside the EU is going to be subject matter on the GDPR if it processes the private info of information subjects in the EU and that processing is linked to the “checking” while in the EU from the “behavior” of data subjects as https://infopagex.com/story2913841/cybersecurity-consulting-services-in-saudi-arabia
