If you're an early stage startup, do you start directly with GDPR and SOC2 compliances while landing initial customers? [I will not promote]

We're building a data tool that helps aggregate customer data from various sources, edit them and stream them to LLM training pipelines. Although we don't copy the data to our servers (data read from sources), it seems mandatory that in the market gdpr or such compliances are necessary for large organizations as customers. But if we're an early stage startup trying to land our first few customers, is it necessary to go ahead and figure out compliances before ?