But while the GDPR and other compliance laws like it are far-reaching, they also tend to be light on specifics. This can make them tough to comply with, especially for startups that are unfamiliar with data compliance laws. Moreover, the task of ensuring compliance is likely to become more daunting as an organization amasses increasing amounts of data.