Which three topics does data compliance cover?

Data compliance covers aligning how data is handled with external legal demands, mandatory regulatory requirements, and the organization’s own policies. This means you must follow laws that govern data privacy and protection, comply with rules set by authorities for your industry or region, and enforce internal business policies about data use, retention, access, and sharing. Together, these three areas define whether your data practices meet obligations from outside and inside the organization. The other options describe specific controls or frameworks rather than the broad scope of compliance themselves. For example, data retention schedules, encryption standards, and password policies are concrete measures used to achieve compliance, but they don’t by themselves define what data compliance covers. Privacy laws of individual countries focus on one aspect of regulation, and security frameworks and standards describe how to implement controls rather than the overall compliance coverage.