Third, A controller or processor not recognized during the EU is going to be matter to the GDPR if it processes the personal data of data subjects within the EU and that processing is relevant to the “monitoring” in the EU of the “behavior” of information subjects as their actions https://sites.google.com/view/gdpr-compliance-in-usa/data-privacy-compliance-in-saudi-arabia