3rd, a controller or processor not proven while in the EU is going to be subject to your GDPR if it processes the private facts of data topics from the EU and that processing is relevant to the “checking” within the EU of your “actions” of data subjects as their https://cybersecuritycertificatesaudiarabia.blogspot.com/2024/08/aramco-cyber-security-certificate-in.html