1 The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU (GDPR.eu). | 2SOC 2 compliance is a component of the American Institute of CPAs (AICPA)’s Service Organization Control reporting platform. Its goal is to make sure that systems are set up so they assure security, availability, processing integrity, confidentiality, and privacy of customer data. 2SOC 2 is both a technical audit and a requirement that comprehensive information security policies and procedures be written and followed (Threat Stack). | 3 Velocity Global