Compliance strategy for data protection