> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc. These efforts can involve hundreds to thousands of people for multiple years.
Then you should have done it right the first time.
Then you should have done it right the first time.