Skip to content
penby.

About Penby

Compliance isn't something we learned.
It's where we started.

We've spent our careers at the intersection of data protection and marketing, in financial services, where client trust isn't a nice-to-have, it's the entire business model. Penby exists because we saw the same gap everywhere: agencies that couldn't handle compliance, and compliance consultants who'd never run a campaign.

Penby is a UK-based consultancy founded by Andy Williamson and Ola Degteva. We help regulated businesses build marketing systems that perform and comply – because in our world, those aren't separate goals.

We've worked together since 2012, originally through the expatriate and international financial services space. Over that time, the work evolved. Andy's compliance and data protection expertise drew consultancy engagements from financial services firms. Ola's marketing technology skills attracted enterprise clients through The Energy Cell, a UK integrated marketing agency where she has managed complex client portfolios for over seven years. The common thread was always the same: businesses struggling to make their marketing work within the constraints of privacy regulation.

In 2022 we began integrating AI deeply into our working practice – not as an experiment, but as a core part of how we deliver. Four years later, Penby itself is the proof of what that looks like: this consultancy, its website, its content strategy, and its development workflow are AI-native, with experienced professionals directing every output. In January 2026 we formalised what had already become true. Penby is a small, focused consultancy that brings decades of domain expertise to the disciplines AI is reshaping fastest: data protection, marketing, and regulated content.

Andy Williamson, co-founder of Penby
LinkedIn

Andy Williamson

MBCS · IAPP · AIGP · IMCM Cert(IM)

Data Protection & Compliance Strategy

Andy's career reads like a sequence of environments where getting it wrong has consequences. Seven years in British Army logistics, mostly in Germany. Investment banking systems administration on trading floors running Sybase and Oracle risk management platforms. Six years as a freelance consultant building high-availability systems for Commerzbank, Dresdner Kleinwort Benson, and major telecoms operators across Germany.

In 2004 he co-founded an international financial advisory business, and in 2008 founded Expatra – a digital publication for British citizens considering life abroad. What started as a content project became a lead generation engine serving 150,000 monthly visitors at peak, delivering compliant enquiries to financial advisory clients across a space where FCA financial promotions rules, GDPR, and cross-border data transfers all intersect.

The thread through every stage is the same: building systems that work under pressure, stay compliant, and serve real people reliably. Since 2022, Andy has worked with AI daily – not as an observer, but as a practitioner who reads and understands every line of code AI produces. He now applies two decades of compliance architecture and regulated content expertise alongside four years of hands-on AI adoption to data protection strategy, privacy-compliant marketing, and AI governance.

Credentials & memberships

AIGP

AI Governance Professional – IAPP

MBCS

Member – British Computer Society

IAPP Member

International Association of Privacy Professionals

IMCM Cert(IM)

Investment Migration Council, Geneva

BCS DPO Certificate

Data Protection – British Computer Society

ICO Registered

Information Commissioner's Office

What Andy brings

Compliance architecture – FCA financial promotions, GDPR, data protection built in from the start. Two decades of doing this in regulated financial services, not reading about it.

AI governance and adoption – AIGP credential holder with four years of daily, hands-on AI work. Understands AI adoption from the inside – not as an emerging trend, but as a working practice he's been operating for years.

Content-led lead generation – Proven at scale. Built and operated a publication that became the primary lead generation engine for international financial advisory businesses.

Regulated content – Writes FCA-compliant financial content that advisers publish under their own name. AI accelerates the drafting; two decades of compliance experience ensures the output is right.

Ola Degteva, co-founder of Penby
LinkedIn

Ola Degteva

Google Partner · DMA · GDPR Certified

Marketing Technology & Analytics

Ola is a marketing analyst with over a decade of delivering measurable ROI through analytics implementation, tracking architecture, and privacy-compliant campaign management. Her background is unusual in the marketing world – a philology degree from Russia, a Master's in English from Cyprus, and a career trajectory that moved from language and communication into the deeply technical territory of marketing analytics, tracking architecture, and privacy-compliant campaign management.

Since 2018, Ola has worked as Senior Marketing Analyst Contractor at The Energy Cell, a UK integrated marketing agency, where she manages a diverse enterprise client portfolio spanning e-commerce, B2B services, marketplace platforms, and accounts across UK and European markets. She led the agency's GDPR-compliant tracking migration, implemented Google Consent Mode V2 across the client base, and was instrumental in achieving Google Partner status through technical excellence – not spend thresholds. Since 2022, Ola has integrated AI tools into her analytics and campaign management workflow, using them to accelerate audience analysis, reporting, and optimisation while maintaining the rigour that comes from validating every implementation herself.

Before the agency work, Ola spent five years at Expatra as Communications Officer and Marketing Analyst, building the publication's partner network, editorial strategy, and lead generation campaigns for expatriate financial services. She built a customer segmentation model using RFM analysis that delivered a 43% increase in response rates and developed multi-channel attribution frameworks that remained in use long after her role evolved.

Credentials & certifications

Google Partner

All 10 current Google Ads certifications

GDPR Qualified

DMA (Data & Marketing Association)

Data & Analytics

DMA Qualification

IDM Member

Institute of Data & Marketing

IDM Award in GDPR

Institute of Data & Marketing – studying

Consent Mode V2

Practitioner-level implementation expertise

What Ola brings

Marketing technology implementation – Not strategy decks. Hands-on implementation of tracking, analytics, consent management, and paid campaigns across complex multi-market environments.

GDPR-compliant marketing – The rare combination of understanding both the marketing technology and the regulatory requirements. Consent Mode V2, GTM, GA4 – configured properly.

Proven ROI delivery – 88% cost-per-lead reductions. 83% ROAS improvements. 21% tracking accuracy gains. Auditable results, not vanity metrics.

Agency-level technical depth – Seven years managing enterprise client portfolios across European markets, mentoring teams, and building the analytics infrastructure that agencies depend on.

"Ola transformed our marketing operations and brought a level of technical rigour and analytical expertise that significantly enhanced our client deliverables."

Abigale Dobbs, Marketing Director, The Energy Cell

Together

Complete coverage of a gap most businesses don't know they have.

Andy covers compliance strategy, data protection architecture, AI governance, and the regulatory landscape. Ola covers marketing technology, campaign execution, analytics implementation, and AI-enhanced measurement. AI capability runs through both sides of the practice – not as a separate service, but as the way the work gets done. Between them, there is no handoff to an external specialist, no gap between the strategy and the implementation.

This is not a large consultancy that assigns whoever is available. When you work with Penby, you work with Andy and Ola.

Strategy through execution

Data protection strategy and GDPR-compliant marketing implementation in the same engagement. No gap between the advice and the technical work.

Formal credentials that reflect depth

IAPP, BCS, ICO registration on the compliance side. Google Partner, DMA qualifications on marketing. AIGP on AI governance. Credentials that reflect depth, not box-ticking.

Two decades in regulated industries

Not a recent pivot into privacy. A career-long track record in regulated industries – with hands-on AI adoption since 2022 adding a further dimension to the work.

Privacy-first by conviction

Fathom Analytics, EU-only hosting, self-hosted fonts, no Google dependencies. The principles we advise on are the same ones we operate by.

How we work

Principles we don't negotiate on.

Substance over signals

We don't produce strategy decks that sit in a drawer. Every engagement results in something implemented, documented, and working – not a PDF of recommendations.

Honest assessment

If your problem isn't something we can fix, we'll say so. If your existing setup is fine and just needs a minor adjustment, we'll tell you that too. We don't manufacture scope.

Practice what we preach

This site runs on EU-hosted infrastructure with Fathom Analytics, self-hosted fonts, and no US data dependencies. We operate the same model we recommend to clients – the principles we advise on are the same ones we build with.

Want to talk?

We're always happy to have a conversation about what you're dealing with – no pitch, no pressure, no twelve-slide capabilities deck. Just a straightforward discussion about whether we can help.

Get in touch