FAQ: We have a SOC 2. How much effort is GDPR?


Assuming your Company is subject to GDPR, the level of effort depends largely on the maturity of your Organizational and Privacy controls. The Organizational controls will be mostly met by implementing the related latest SOC 2 updates, which is good. However, if you are not currently including Privacy in your SOC 2 and do not have a strong privacy program in place, a moderate level of short-term effort will be required.

For most Companies, it should take approximately 2 to 3 months, in collaboration with your Auditor, to perform a readiness assessment of the specific GDPR requirements and implement said updates.

The upside of being required to implement GDPR is that there would be minimal effort to include Privacy and references to any unique GDPR requirements within future SOC 2 reports.

Additional FAQs

How does a company get SOC 2 certified?

SOC 2 is not a certification; it’s a third-party attestation of the controls in place at your organization. Typically when a company is asking this question though the answer

How long does a SOC 1 take to complete?

This depends on how prepared and how many resources an Organization has to dedicate to the project. The first time through, usually a readiness assessment would be performed, and then
