We deal with compliance on a daily basis: traffic laws, tax laws, and other regulations. It should be no surprise that there are rules for how we deal with some data, especially data in a public cloud. These rules exist largely in the health care and financial sectors, but other industries have their regulations as well.

Besides security, compliance is the top reason that enterprises don’t move to the cloud. But in my experience, this compliance-based resistance is more about not understanding compliance in the cloud rather than actual obstacles to being compliant. Here are three steps to dealing with compliance in the cloud that work every time.

Step 1: Understand the laws

Most enterprises don’t have a good understanding of the details of the legal issues they actually face, such as how the data should be handled and by whom, how they need to be certified (if they do), and what location restrictions exist.

There should be no speculation as to what’s legit and what’s not. It’s all written down someplace, and you need to read all of it. If needed, hire a lawyer to figure out what’s legally required and what’s not.