Data protection compliance framework