Build privacy in before you write a line of code
Privacy by design, DPIAs and ongoing privacy support for SaaS and product teams who want to ship fast without an ICO problem later. Privacy Ally works with you at the design stage, when getting data protection right is cheapest and easiest.
Privacy that’s built in, not bolted on
Most privacy help arrives too late. It turns up after the product is built, or after something has already gone wrong, when fixing it means costly rework. I work the other way round, joining product teams at the design stage so data protection is built into how your system handles data from the start.
I’m Martin, a privacy consultant based in Lancaster, working with SaaS founders and product teams across the UK. I hold the IAPP Certified Information Privacy Technologist (CIPT) qualification, the credential focused specifically on privacy in technology and privacy by design.
That combination is deliberate. Privacy by design isn’t a legal box-ticking exercise, it’s an engineering and product decision. I speak both languages, so I can sit with your developers and translate data protection requirements into things they can actually build, rather than handing you a compliance report that nobody on the team knows what to do with.
The result: DPIAs that get done properly instead of as a last-minute scramble, products that won’t trip a regulator later, and a team that understands why the decisions were made.
I’ll only use the details you provide to reply to your message. I won’t add you to a mailing list or pass your data to anyone. See the Privacy Notice for the full picture.
Get in touch
Whether it’s a quick privacy question or you want help getting your business compliant, send a message and I’ll come back to you by email. Your details are only ever used to reply to you.
Privacy thoughts
I write about various topics relating to privacy and technology.
-
How to Set Up GA4 and Google Tag Manager to Fire Only After Consent (a WordPress Guide)
A friendly, UK-focused walkthrough using WPConsent and Google Consent Mode v2, based on how it’s actually configured on this site. If your WordPress site fires Google Analytics 4 or Tag Manager the moment someone lands on a page, that is a problem worth fixing. Under UK law, analytics cookies need the user’s prior, informed consent…
-
The quiet overload of the small business IT manager
There’s a pattern I see in small businesses that nobody talks about openly. Privacy, IT security, disaster recovery, business continuity, and audit prep all land on the same desk. Usually that desk belongs to an IT manager who was hired to run infrastructure, not to be a one-person GRC function. It happens quietly. A certification…
-
Random Emails From a Mailing List You Never Joined? Here Is What Is Going On
You open your inbox and there it is: a message from a “helpdesk”, an out-of-office reply about someone’s annual leave, or a newsletter from a company you have never dealt with. You did not sign up for any of it. Then it happens again the next day. This is more common than most people realise,…
-
The iPhone privacy settings I actually change first
When it comes to privacy on your personal devices, there are plenty of ways to tighten things up. The iOS platform keeps privacy reasonably tight out of the box, but a few changes will push it further, and some of the more useful settings are buried where most people never look. I’ve pulled together the…
-
CMP and Consent Mode Installed? Why UK Google Ads Sites Still Fail PECR
If you’ve installed a consent management platform like OneTrust or CookieYes and switched on Google Consent Mode v2, it’s fair to think the compliance job is done. You’ve got a banner, the consent signals are firing back to Google, your Ads account has stopped complaining, and the whole thing feels neatly wrapped up. The awkward…
