What steps would you take to ensure compliance with data protection regulations and internal policies?