Data Compliance Map

Exemplar map spec — fully completed example demonstrating the template format. Use this as reference when filling out the other 30 map MD files.

Meta

Summary

Data Compliance Map is the flagship reference tool for global data protection law. It shows every country’s privacy law status, data residency rules, cross-border transfer requirements, enforcement intensity, and AI-specific rules — all switchable on a single choropleth.

The audience is compliance officers, Chief Data Officers, CTOs evaluating market entry, and privacy lawyers. The use case is “which jurisdictions should we enter next?” and “what’s our exposure footprint?” A US fintech expanding into the EU needs to know GDPR exposure; a European SaaS expanding into Brazil needs to know LGPD; a healthtech operating globally needs to know HIPAA-equivalent jurisdictions.

This map is positioned as the most comprehensive openly-readable reference, replacing the need to read 30 different law firm summaries. It demonstrates Atlas Development’s capability to build multi-dimensional regulatory compliance platforms — which is what carriers, MNCs, and law firms commission as paid custom builds at $150K-$500K.

ICPs (Ideal Customer Profiles)

Primary buyer

• Role/title: Chief Privacy Officer / Head of Privacy / Chief Data Officer
• Industry: SaaS, fintech, healthtech, e-commerce, AI companies
• What they search for: “data privacy law [country]”, “GDPR vs LGPD”, “data residency requirements [country]”, “cross-border data transfer mechanisms”, “privacy law comparison tool”
• Expected deal value: $50K-$500K custom build (their internal compliance tracking system)
• Discovery channel: IAPP membership content, LinkedIn (Privacy Professionals groups), Google search, conference referrals (IAPP Global Privacy Summit, RSA Conference Privacy Track)

Secondary buyers

• General Counsel / In-House Privacy Counsel — evaluating jurisdictional exposure for board reports
• Compliance Director at multinational — ongoing monitoring of regulatory change
• Privacy law firm associates — junior research; they’re not the buyer but they get the firm partners to notice us

Bridge audience (drives traffic, not direct buyers)

• IAPP-certified privacy professionals (CIPP, CIPM, CIPT) doing research
• Law students studying comparative privacy law
• Journalists covering privacy enforcement actions

Core Features

• 5-dimension choropleth with selectable dimension: privacy law status, data residency, cross-border transfers, enforcement intensity, AI-specific rules
• Per-jurisdiction detail drawer with full breakdown of all dimensions, regulator info, recent enforcement actions, max fines
• Framework reference cards for GDPR, CCPA, LGPD, PIPL, PDPA, POPIA, APP, PIPEDA — explainer pages
• Compare two jurisdictions side-by-side (“GDPR vs CCPA” — massive search volume)
• Q&A pages for featured snippets (“Does GDPR apply to US companies?”, “What is data residency?”, “Cross-border transfer mechanisms in 2026”)
• Methodology drawer with full source citations + scoring formula transparency
• Professional CTA panel — “API access” / “Build a version with your internal data” / “Compliance monitoring dashboard for your jurisdictions”

Map Layers & Display

Polygons (base data layer)

• World country boundaries (Natural Earth 1:10m or Mapbox boundaries source)
• Choropleth coloured by currently selected dimension
• Categorical colour scale per dimension; legend in side panel
• Inserted before country-label (labels remain on top)

Lines (overlay layer)

• None in default view
• Optional: “comparable framework” connections (e.g., countries that explicitly model their law on GDPR) — toggle on/off
• Inserted before country-label

Points (top data layer)

• None in default view
• Optional: recent enforcement actions as pulse-animated markers — toggle on/off
• Inserted before country-label

Labels (always topmost)

• Country labels: Mapbox default
• City labels: not used (jurisdiction-level data only)

Interactive elements

• Hover: small tooltip showing jurisdiction name + current dimension’s value
• Click: opens right-side drawer with full per-jurisdiction breakdown
• Filter chips (top bar): dimension selector (5 chips, one selected at a time)
• Search bar: type a country name to fly-to + auto-open drawer
• Time slider: not in v1; defer to v2 (showing law evolution over time would be amazing)

Data Sources

Tier classification

• Tier 1 (autopublish: verified): DPA primary sources, government legislation pages
• Tier 2 (autopublish: preliminary): OECD, IAPP, official regulator press releases
• Tier 3 (review required): DLA Piper, law firm summaries
• Tier 4 (review required): Trade press, IAPP commentary

Attribution requirements

• DLA Piper: link back to original entry per jurisdiction (their site is freely accessible)
• OECD AI Policy Observatory: CC-BY 4.0 attribution with source link
• IAPP: cite per their republishing policy
• All government sources: linked, never republished verbatim

Competition

Honest competitive assessment

DLA Piper has the content depth. OneTrust has the institutional weight. We win on UX, multi-dimensional comparison capability, and openness (no paywall, no member gate). We don’t win on legal authority — DLA Piper is a Magic Circle firm; we’re a small SaaS shop. Our defensible moat is the visualization layer + the recency commitment + the comparison feature. Our methodology page must be impeccable to compete with their authority.

SEO Strategy

Primary keyword

• data privacy law map — ~3,200/mo
• GDPR vs CCPA — ~5,400/mo
• data residency by country — ~1,900/mo

Long-tail targets

• data privacy law [country] (top 50 countries) — 200-2,000/mo each
• cross border data transfer mechanisms — 1,300/mo
• GDPR fines by year — 880/mo
• does GDPR apply to US companies — 2,200/mo
• data residency requirements [country] — 200-500/mo each
• [country] data protection authority — 100-400/mo each
• LGPD vs GDPR — 1,100/mo
• PIPL China data protection — 880/mo
• Schrems II adequacy decision — 590/mo
• data localization laws 2026 — 720/mo

Page route families (prerendered)

• / — homepage with hero map
• /jurisdiction/{iso2}/ — per-country pages (~195 pages × 8 locales = ~1,560)
• /framework/{slug}/ — per-framework pages (GDPR, CCPA, LGPD, PIPL, etc., ~20 × 8 = 160)
• /compare/{a}-vs-{b}/ — top 50 comparison pairs prerendered (top: GDPR vs CCPA, GDPR vs LGPD, etc.)
• /topic/{slug}/ — explainer pages (cross-border transfers, data residency, AI rules, biometric data, etc., ~25 × 8 = 200)
• /q/{slug}/ — Q&A pages targeting featured snippets (~50 × 8 = 400)
• /methodology — required for credibility
• /attribution — required for licensing compliance
• /about — Atlas Development cite

Total prerendered pages: ~2,500-3,000

JSON-LD per page type

• Homepage: WebSite + SearchAction
• Jurisdiction: Place + nested Legislation references
• Framework: Article + Legislation
• Topic: Article
• Q&A: QAPage (highest snippet priority)
• Compare: Article with comparison schema
• Methodology: Article

Internal linking strategy

• Every jurisdiction page links to its framework pages, comparison pages with neighbors, and relevant topic pages
• Every framework page links to all jurisdictions where that framework applies
• Topic pages link to relevant Q&A pages and jurisdiction examples
• Q&A pages link to topic pages for deeper context

Backlinking targets

• IAPP newsletter mention (pitch to editorial)
• Privacy Professionals LinkedIn group shares
• DLA Piper data protection blog (if we can get a citation)
• Future of Privacy Forum publications
• Academic citation in privacy law journals
• Tech press features (TechCrunch, The Verge privacy coverage)

Translations

• Required: Y
• Priority locales: en, es, fr, de, pt, ja, zh, ar (covers >75% of global compliance professional searches)
• Rationale: Privacy compliance is a global function. Korean (ko) and Russian (ru) are 2nd-wave additions if traffic data warrants.

Custom Build CTA Strategy

This is one of the highest-priority lead-gen maps in the portfolio (Tier 1 enterprise ICP).

• “For your data” angle: “Build a private compliance dashboard with your subsidiaries / customers / suppliers mapped against this regulatory landscape”
• API / data partnership CTA: Dedicated /api page describing the API offer: structured JSON access to all dimensions per jurisdiction, with attribution requirements. Email-gated request form.
• Methodology download (email gate): Y — downloadable PDF of full methodology + scoring formulas + data source list. Captures email + role.
• Corner link UTM: utm_source=data-compliance&utm_medium=corner-link&utm_campaign=custom-build
• Outbound trigger logic:
  • Cloudflare Web Analytics shows referrer + country
  • Manual review of GA referrers from corporate domains (carrier, MNC, law firm domains)
  • LinkedIn share monitoring → direct outreach to sharers within 48h
  • Email signups from corporate domains get personal follow-up from Micky within 24h

Demo Notes

• First-touch experience: World map renders with privacy law status choropleth (default dimension) ALREADY drawn. Hero text top-left: “195 jurisdictions. 5 dimensions. One map.” Subtle hint: “Click any country.”
• Wow moment: User clicks the dimension selector and switches from “Privacy Law Status” to “AI-Specific Rules” — choropleth recolors smoothly over 400ms, immediately showing a totally different pattern (EU + China lit up; everywhere else mostly empty).
• Pre-loaded state: Default to “Privacy Law Status” dimension. Default jurisdiction focus: visitor’s home country (detected via Cloudflare country header, no cookies).
• Tour mode: No. Subtle hint pill only.

Tech Notes

Ingestion approach

• Bulk seed: DLA Piper scrape + Claude normalisation, per-jurisdiction structured output per dimension
• Reference data: framework files (data/frameworks/gdpr.json, ccpa.json, etc.) hand-curated
• Continuous: IAPP RSS, DPA RSS feeds, official regulator press releases — match regex for enforcement actions + new law passage events

Map style

• Base: Mapbox Light v10 (when in Linear design mode) or custom dark variant
• Light/dark mode toggle in UI

Custom components needed

• Multi-dimensional choropleth with smooth crossfade between dimensions
• Dimension selector pill bar
• Comparison page generator (server-side rendered at build time)
• Methodology drawer (overlays the map)

Performance considerations

• ~2,500 prerendered HTML pages → ~10MB total source code, ~1.5GB tile bundle (or use Mapbox vector tiles)
• Lazy-load Mapbox per route — comparison pages don’t need the map at all

Mapbox token

• Name: mapbox.atlas.data-compliance
• URL restriction: https://datacompliancemap.app/*
• Tracking: enabled

Handoff Notes

[Will be filled in by Micky during stage 4 of the workflow]

Demo Video Brief

Backend (Micky): Show the DLA Piper adapter running, Claude normalising legal text into structured 5-dimension data, the data flowing into Cloudflare R2, the prerender pipeline emitting 2,500 SEO pages. Close: “Imagine a private version with your customer base mapped against this — that’s what we build at atlasdevelopment.app/custom.”

Design (Finn): Hero shot of choropleth recoloring as dimensions change. Show the comparison page (GDPR vs CCPA). Show the methodology drawer. Talk through Linear design choices — why indigo, why dark, why minimal motion.

Development (Chloe): Show the repo, the per-page emitter, the JSON-LD generation, Claude Code session where Chloe added the comparison page route family. Close: “Free boilerplate at atlasdevelopment.app/boilerplate — fork it and ship your own map.”

Status Log