Case studies
We work with organisations across AI, privacy and web - helping them understand their position, build the right foundations, and respond with confidence. Here's a selection of recent work:
Hidden in plain sight - finding and fixing web compliance risk across 100+ sites
A global organisation with over 100 websites knew it had exposure. It didn't know where.
- Cookie consent inconsistent across the estate
- Privacy and cookie notices not reflecting regulatory requirements across GDPR, UK GDPR, LGPD, and global frameworks
- Hidden tracking accumulated across sites - nobody had a complete picture
We reviewed, redesigned, and overhauled - notices redrafted, consent mechanisms fixed, hidden tracking identified and addressed, accessibility gaps mapped, agencies briefed and working correctly.
The result: a consistent, compliant, and defensible web estate across jurisdictions - with the evidence to prove it.
Find out more:
Building an organisation that understands AI, privacy, and cyber - from the board down
A large enterprise needed genuine understanding of AI, privacy, and cyber governance across its organisation - not a tick-box exercise, but role-specific capability from board level to frontline functions.
- General awareness training for all staff aligned with EU AI Act literacy requirements
- Role-based modules for legal and compliance, technology, data science, digital marketing, and HR
- Board sessions - honest, open, and designed for genuine oversight rather than passive briefing
- Delivered across multiple sectors
The result: an organisation with the knowledge, confidence, and governance structures to manage AI, privacy, and cyber risk - at every level.
Find out more:
Same brand, different rules - managing web compliance across global markets
A global organisation was operating the same digital estate across markets with materially different regulatory requirements. What worked in one jurisdiction created exposure in another.
- Cookie consent, privacy disclosures, and age verification varying by market
- Sector-specific disclaimers and edge cases adding complexity
- No coherent cross-jurisdictional approach
We mapped requirements jurisdiction by jurisdiction, identified gaps, and provided practical prioritised guidance - giving the organisation a coherent, defensible approach across markets without rebuilding from scratch.
The result: a clear, structured global web compliance position - consistent where it could be, flexible where it had to be.
Find out more:
Shipped in weeks, not months - a global campaign site that broke the bottleneck
A global FMCG organisation needed a campaign site live across multiple markets - fast. The transformation programme couldn't move at the speed the business required. Internal teams were stretched. Agencies were tied up elsewhere.
- Hard deadline, multi-country scope, no clear delivery path through the normal route
- Transformation bottlenecks and internal capacity issues blocking delivery
- Governance and compliance requirements across multiple markets to address from day one
We scoped, built, and delivered NextJS campaign sites - live across markets in weeks, governance and compliance built in from the start, handed back to the client's team on completion with documentation and guidance for future use.
The result: campaign live on time across markets, compliance embedded not bolted on, and a reusable approach that reduced future bottleneck dependency.
Find out more:
Hidden tracking, dark patterns - a web audit that found what others missed
An organisation believed its web estate was broadly compliant. An independent technical and regulatory review told a different story.
- Hidden and server side tracking identified - not visible in standard cookie audits
- Dark patterns found in consent flows - nudging users away from privacy-protective choices
- Gap between front-end assurances and actual site behaviour documented in detail
We worked with internal teams and agencies to implement changes, reeducated where needed, and ensure the estate matched what it told users it was doing.
The result: a web estate that was clean, compliant, and defensible - with the technical evidence to prove it.
Find out more:
A privacy programme built for the world - not just one law
A global company's privacy programme had grown organically and was struggling to keep pace with regulatory developments and organisational growth - across GDPR, UK GDPR, LGPD, CCPA, CPRA, and Philippines DPA.
- Programme reviewed, redesigned, and rebuilt from the ground up
- Governance structures, data flows, operational controls, and cross-jurisdictional compliance addressed
- Embedded in practice across legal, compliance, technology, and the business; enabling ongoing iteration to keep pace with regtech developments
The result: a privacy programme that works in reality - consistent, governed, and defensible across jurisdictions.
Find out more:
From deployment to governance - AI readiness in practice
Two organisations. Different contexts. Same challenge - AI in use, governance not keeping pace.
- EU AI Act readiness: systems classified, high-risk applications identified, controls mapped, remediation roadmap developed
- Workforce solutions company outside EU AI Act scope: automated decision-making in recruitment and HR assessed, transparency and privacy obligations addressed, responsible AI governance framework built
- Both engagements connecting AI governance to privacy and data obligations
The result: both organisations with a clear, practical AI governance position - and the confidence to deploy AI responsibly.
Find out more:
To discuss how we've worked with organisations similar to yours