What steps would you take to ensure compliance with data protection regulations such as PCI-DSS or GDPR?