Penby Insights
We publish what we know.
Practical guides, informed analysis, and usable resources on privacy-compliant marketing. Written by practitioners, not theorists.
5 Topic areas
2 Practitioners
Consent Mode V2 – a practical implementation guide for UK businesses
Google's Consent Mode V2 has been mandatory for UK advertisers since March 2024, with hard enforcement from July 2025. Most implementations are wrong. Here is what it does, how to set it up correctly, and what the legal and data consequences look like.
Financial promotions in the digital age – what the FCA expects
The FCA's financial promotions regime now applies to every digital channel – social media, PPC, email, AI-generated content. Here is what the rules require and how to meet them in practice.
GDPR-compliant lead generation: a practical framework
Lead generation is where data protection compliance fails most often. This practical framework covers the legal basis question, PECR requirements, compliant form design, third-party data risks, and platform-specific rules for Meta, LinkedIn, and Google.
AI governance for professional services – where to start
AI tools are already inside most professional services firms. The question is whether your firm governs them or pretends they are not there. A practical starting framework for managing partners and compliance leads.
Cross-border data protection – what firms with international clients need to know
The UK–EU adequacy decision was renewed in December 2025, but firms serving clients across borders still face transfer rules that vary by jurisdiction, mechanism, and sector. A practical guide to what applies, where the gaps are, and what to do about them.
The ICO's marketing enforcement priorities – what the cases tell us
The ICO has issued 119 marketing-related fines since 2019 – almost all under PECR, not GDPR. The enforcement patterns reveal practical lessons most marketing teams are missing.
A practical DPIA template for marketing campaigns
Most marketing teams have never completed a Data Protection Impact Assessment. Here is a practical template, a worked example, and the mistakes to avoid.
Why your marketing agency can't write for a regulated firm
Generic marketing agencies are structurally unable to produce compliant content for FCA-regulated firms. The problem is not talent – it is the absence of regulatory knowledge that no brief can transfer.
Privacy-Compliant Marketing in 2026: What Actually Changed
The regulatory landscape has shifted again. Here's what marketing teams need to know about running compliant campaigns without sacrificing performance.
Don't miss the next one.
Weekly insights on privacy-compliant marketing – delivered to your inbox. No tracking beyond what we tell you about.
EU-hosted via Brevo. Unsubscribe anytime.
Browse by topic
Five areas where data protection meets marketing.
01 Privacy-Compliant Marketing
Consent architectures, compliant tracking, and campaign structures that satisfy both regulators and the bottom line.
02 Data Protection
Practical GDPR strategy for businesses that collect, process, and use personal data. Not legal theory.
03 Marketing Technology
Analytics, tracking, tag management, and attribution – built right and compliant from the start.
04 AI Governance
The emerging intersection of AI in marketing and the governance frameworks it demands.
05 Regulated Industries
Content marketing where getting it wrong carries real consequences. Financial services, FCA, and beyond.
Newsletter
Weekly. Practical. No fluff.
One email per week on compliant marketing, data protection, and the technology that connects them. Analysis, resources, and commentary from practitioners, not theorists.
Your data stays in the EU. We use Brevo for delivery – no US data transfers, no tracking beyond what we tell you about. Unsubscribe anytime.