Can ordinary companies keep up with data compliance regulations?