Unlike lots of compliance laws, SOC compliance is often not required to work in the offered market like PCI DSS compliance is for processing payment card details. Usually, providers have to have a SOC audit when their customers ask for 1. Formally attest your compliance. An AOC (attestation of compliance) https://www.nathanlabsadvisory.com/eu-us-privacy-shield-gdpr.html
