First, achieving compliance to privacy requirements (particularly laws and regulations, plus agreements with third parties, plus corporate privacy policies etc.) is burdensome, especially if the requirements are not organized in the most effective way for PII Controllers and PII Processors. Organizations subject to multiple privacy compliance obligations (e.g. from several jurisdictions in which they operate or data subjects live) face additional burdens to reconcile, satisfy and keep watch on all the applicable requirements. A managed approach eases the compliance burden, for example as demonstrated by Annex C of the standard, a single privacy control may satisfy multiple requirements from General Data Protection Regulation (GDPR). [3]