The RSI Security web site breaks down the techniques in a few depth, but the process in essence goes like this: Formally attest your compliance. An AOC (attestation of compliance) is the form you use to signal which you’ve reached PCI DSS compliance. Ending your questionnaire without any “Mistaken” answers https://www.nathanlabsadvisory.com/eu-us-privacy-shield-gdpr.html