Most organizations see compliance as a burden and not a value-added activity. As a result, they often leave IT out of the discussion about its importance and are unaware of what it entails or any gaps in their current practices.
Organizations generally wait for legislation to change before they begin improving independently; many don't even bother until there is an adverse audit or assessment.
Don't risk being non-compliant by leaving things to chance. The better bet is to approach compliance proactively by taking an agile approach to analyze and close gaps and derive value from the process by using a constant cycle to manage your compliance initiatives.