Not Like lots of compliance restrictions, SOC compliance is typically not necessary to operate in a given industry like PCI DSS compliance is for processing payment card information. Generally, companies need a SOC audit when their shoppers ask for just one. The GDPR protects personalized info regardless of the technology https://www.nathanlabsadvisory.com/difc-data-protection-compliance.html