Unlike many compliance polices, SOC compliance is often not necessary to operate in the specified industry like PCI DSS compliance is for processing payment card information. Normally, corporations need a SOC audit when their prospects ask for one. The GDPR safeguards individual info regardless of the engineering used for processing https://www.nathanlabsadvisory.com/blog/tag/dpias/
