If bankruptcy of a Data Controller...
... is on the cards, then expect no-one to take the job.
It's that simple. The moment a job has criminal consequences, that are actively enforced, that job will be impossible to fill unless filled using some kind of conscription method.
100% compliancy is a myth, Unless you have armed guards with orders to shoot to kill, there's nothing you can do to stop an employee carrying out a filing cabinet using a wheelbarrow, or a group of employees from wheeling out your racks of servers into the carparks, where they then load the servers into their cars to take home and sell on ebay.
All the procedures in the world wont stop an employee smuggling in a camera in his boxer shorts (or panties if he's that way inclined).
The current data laws are stupid. If someone drives an 18 wheel truck through my local doctors clinic, and snatches up a PC or two before he drives through the outbound wall, or picks up a couple of lever-arch files, the Data-Controller is (according to the law) responsible for the loss. Encryption is irrelevant because you cant prove a negative, i.e. prove that the data hasn't been de-crypted by the HGV driving thief. And last time I consulted at a health center, I saw several rooms containing racks full of paper-based medical records.
You have no privacy. Get over it.
*Posted AC for irony's sake.