It challenges recommendations on how to interpret core concepts on the GDPR and might difficulty binding decisions dealt with to the info security authorities on dispute in concrete cases concerning cross-border processing. The difference between the different types of SOC audits lies from the scope and duration of the evaluation: https://www.nathanlabsadvisory.com/infrastructure-security-testing.html
