How would you secure a cloud-based infrastructure to comply with strict data privacy regulations like HIPAA or GDPR?