October 14, 2021- Data mapping may be the first step on the road to privacy compliance, but for some organizations it’s a steep drop. The sheer volume of data being inventoried and the inherent limitations of technology solutions designed to help means that many companies or law firms are looking at maps with more than a few holes in them. “It’s not for lack of trying or for lack of willful intent to get to a good [outcome] here. It’s that there are too many solutions that are too ‘not great’ or too expensive and this is a hard issue,” said Christopher Ballod, an associate managing director in the cyber risk practice at Kroll. Unsurprisingly, he noted that data mapping is most common among organizations with roots in California or Europe, where regulations such as California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR) mandate the ability to comply with data subject access requests.