GDPR:

25: Controllers under the Scope of International Law

Where Member State law applies by virtue of public international law, this Regulation should also apply to a controller not established in the Union, such as in a Member State’s diplomatic mission or consular post.