Search
Close this search box.

FAQ: We have a SOC 2. How much effort is GDPR?

FAQ: We have a SOC 2. How much effort is GDPR?

Assuming your Company is subject to GDPR, the level of effort depends a lot on the maturity of Organizational and Privacy controls. The Organizational will be mostly met by implementation of the related latest SOC 2 updates, which is good. However, if you are not currently including Privacy in your SOC 2, and do not have a strong privacy program in place, there will be a moderate level of short term effort required.

It should take approximately 2 to 3 months in collaboration with your Auditor to perform a readiness assessment of the specific GDPR requirements and implement said updates for most Company’s.

The upside of being required to implement GDPR is that there would be minimal effort to include Privacy and references to any unique GDPR requirements within future SOC 2 reports.

SSAE-18 FAQs
SOC 1 FAQs
SOC 2 FAQs
All FAQs

Additional FAQs

SOC 1 or HITRUST?

The SOC 1 has a completely different purpose than HITRUST. Typically a company would perform both if they are a TPA processing medical claims and other claims, where, there is

What is a SOC 2?

The Service and Organization Controls 2 Report, formally known as a Service Organization Controls Report as of the most recent update to the SSAE 18 audit standard. A SOC 2 report

Can I fail a SOC 2 audit?

Yes, failure to meet the relevant Trust Service Criteria may result in a failed SOC 2 audit, requiring remediation. This is known as a Qualified Opinion when this happens.

Get Our Emails

SOC Reporting Guide

SOC Reporting Guide Newsletter

Facebook-f Twitter

Copyright 2024 © All rights Reserved.