MANY LAWS AND REGULATIONS ARE IN PLACE regarding the protection of IT systems. Companies have a requirement to comply with the laws that apply to them. The first step is to understand the laws. You're not expected to be a lawyer, but you should understand the basics of relevant laws.
Once you have an idea of which laws and regulations apply, you can then dig in deeper to ensure your organization is in compliance. The cost of not complying can sometimes be expensive. Fines can be in the hundreds of thousands of dollars. Some offenses can result in jail time.