Although I’ve never worked exclusively on compliance, much of my work over the past decade has touched on reconciling between product and compliance goals, and over that time I’ve developed something of a pet theory on the evolution of compliance over the next five to ten years: I expect customer-oriented compliance to converge on a unified set of controls. While today there’s a wide distance between GDPR, CCPA, HITRUST, FedRAMP and SOC2, I generally expect the gaps between these various frameworks to narrow significantly over time around the premise of all customer data being treated as sacred.