UK GDPR & PECR Compliance Gap Audit
Your website is showing its GDPR gaps to anyone who looks. I look — before a complaint does.
Fixed-price UK GDPR & PECR compliance gap audit for UK D2C and ecommerce brands. Evidence-based, delivered in 7 business days, entirely async. No system access needed. No calls.
Since February 2026 the maximum fine for cookie and email-marketing breaches rose from £500,000 to £17.5m or 4% of turnover.

What gets checked
10 things a regulator, a journalist, or a curious customer can already see.
The method
How I audit without touching your systems.
Everything is assessed from the outside: public registers, your live website, DNS records, your vendors' published terms, and a real subscription to your own marketing. That's the point — your compliance gaps are already externally visible.
I don't need logins, API keys, or a developer meeting, which is why this takes 7 days, not 3 months.
Internal evidence a regulator would also check is covered by a self-assessment checklist included in every report.
What you receive
Evidence, priorities, and a re-test.
A 14–18 page report: 10-area red/amber/green scorecard with screenshot evidence for every finding, each mapped to the specific ICO guidance it comes from
A prioritised fix roadmap: Fix now / Plan / Maintain, with effort estimates
An internal-evidence self-assessment checklist covering what regulators check beyond the website
A free re-test of your Fix-now items within 30 days
Pricing
Three fixed-price tiers.
Tier 1
UK GDPR & PECR Compliance Gap Audit
£997
The external audit above. No access needed.
- 10-area red/amber/green scorecard with screenshot evidence
- Prioritised Fix now / Plan / Maintain roadmap
- Internal-evidence self-assessment checklist
- Free re-test of Fix-now items within 30 days
Tier 2
Compliance + Tech-Stack Efficiency Audit
£1,997
Adds a software-waste and subscription-overlap map via a short intake questionnaire.
- Everything in Tier 1
- Tech-stack efficiency review
- Subscription-overlap map
- Short async intake questionnaire (no calls)
Tier 3
Full Operational & Compliance Audit
£3,997
Adds review of internal evidence you send over — contracts, records, consent logs. Still no system access.
- Everything in Tier 2
- Review of contracts, DPAs and vendor terms you share
- Records-of-processing review (ROPA)
- Consent log and lifecycle-email review
Supporting Tier 2
Estimate your subscription overlap before you buy.
SaaS ROI & Compliance Calculator
See what your tech stack is quietly costing you.
Move the sliders to estimate your annual software waste, manual integration tax, and shadow AI exposure under the UK Data (Use and Access) framework.
Your inputs
Total across CRM, automation, marketing, comms and analytics tools.
Time spent copying data between disjointed tools across your team.
AI tools used by staff without a signed DPA or sub-processor review.
Estimated annual exposure
01 · SaaS Sprawl Waste
£13,200/yr
Benchmark: 25–30% of SaaS spend is lost to redundant or under-used licences.
02 · Manual Integration Tax
£23,400/yr
Loaded cost of staff time spent moving data between disconnected tools.
03 · Shadow AI Risk
32/100
ModerateExposure under the UK Data (Use and Access) framework for unvetted sub-processors.
Total recoverable cost leak / year
£36,600
Who this is for
Built for UK D2C and ecommerce brands.
Not for:
- Businesses needing legal representation
- Custom development work
- App-only businesses with no meaningful website data collection
Case Studies
See a real audit end-to-end.
The Invisible Data Leak: a D2C compliance gap audit
How a UK D2C brand's cookie banner, trackers and privacy stack looked to a regulator — with the evidence, the fixes, and the priority order.
Turning old customer lists into a live revenue channel
Helped a UK healthcare business use their existing tools plus simple automations so they could bring back lapsed customers without hiring more staff.
Questions
Frequently asked questions.
Guides
Short reads on UK data compliance.

Nobody Reads the DPA. That's the Real Compliance Problem.
A plain-English seven-point UK data protection check-up under the DUAA 2025.

Why Confident AI Users Are Often the Most Exposed
DPAs, ROPAs, training defaults — the gap, and how to close it.

Why Most UK Businesses Make Their AI Decisions Backwards
Tools first, compliance last — what it costs and how to fix it.

About Iulia
Hi, I'm Iulia. I review every audit myself.
14 years in CRM, retention and lifecycle marketing for brands including Investec, IG, Unibet and SecretSales. GDPR Foundations certified. I now audit UK D2C brands' data compliance from the outside — the way a complainant, a journalist, or a regulator's first look would.
Fully async, fixed price, evidence-based. I don't access your systems and I don't need to — I observe and diagnose; your team or developer implements, with my roadmap.
See what a regulator would see
before they do.
Independent UK GDPR & PECR compliance gap audit. 7 business days. No calls.