Compliance of IT-enabled business processes is a research area gaining more and more attraction for enterprises today. Many enterprises are on the gap of installing workflow systems within their premises. During this process they need to make sure that several regulations, coming from governments or enterprise-internal institutions, are obeyed. We argue that the compliance regulations, enterprises are faced with today, can be built using a number of atomic compliance requirements. We studied literature and identified new atomic requirements in our work with industrial use case partners taking part in research projects founded by the European Union, as well as projects with customers that face the same challenges. The atomic compliance rules, we identified, can be divided into two groups, data-related and control-flow-related compliance rules. The main contribution of this paper is a collection of patterns implementing complex compliance rules which consist of atomic control-flow related and data-related compliance rules. We show how these atomic rules must be applied to a business process in order to implement the desired behaviour, intended by a complex compliance rule. We extended an existing collection of recurring atomic compliance rules with a new set of data-related compliance rules. These compliance rules contain variabilities which need to be filled when they are applied to a business process model.