What does an organization FIRST review to assure compliance with privacy requirements?

What does an organization FIRST review to assure compliance with privacy requirements?

A.
Best practices

B.
Business objectives

C.
Legal and regulatory mandates

D.
Employee’s compliance to policies and standards