Compliance is a continuous journey. Even after painful attention to details, things can go wrong. But, not letting it happen again is key. There is just no room for mistakes or repeats of the mistakes when it comes to data security.
It is necessary to make corrections and implement the changes before moving on. What exactly happened, why and how did it happen, and what should be done for it to never repeat are some of the analysis steps. One of the articles I recently read says, a compliance culture needs to exist in companies that deal with data security.
Questions like why, what, analysis of the situation and a process to never have it happen again must become part of the culture of the groups dealing with this on a day-to-day basis. The most important final step after going through the study and understanding what changes need to be made is actually making those changes. It may appear to be bothersome and cumbersome but it is useless unless the changes/findings are implemented. The results of this long correction process can be extremely productive and rewarding in the long run.