Software Only | Recurring Revenue | UK-Specific Advantage | Solo Founder Viable

Track PECR marketing consent and unsubscribes for UK small businesses

DUAA pushed PECR fines from £500k to £17.5m. £29/mo evidence vault for SMEs with no DPO.

Score: 7.4/10

Executive Summary

In a nutshell

A drop-in PECR and GDPR marketing-compliance vault for UK SMEs. It captures every consent (form, IP, timestamp, source), maintains suppression lists across email, SMS and calls, mirrors unsubscribes between Mailchimp, Klaviyo, Brevo, HubSpot and Gmail, and generates an ICO-ready evidence pack on demand. The Data (Use and Access) Act 2025 took effect 5 February 2026 and raised the PECR fine ceiling from £500k to £17.5m or 4% of global turnover, instantly exposing every UK small business doing outbound marketing. Existing tools (OneTrust, TrustArc) are priced for enterprise. Enactia is the SME-friendly option at $4,800/year, still too steep for a 5-person agency or e-commerce shop.

The Story

Meet the user


Naz runs a 12-person beauty brand in Manchester. She sends roughly 40,000 emails a month through Klaviyo, the occasional SMS through Brevo, and the cold-call campaigns to lapsed customers go through a freelancer with a spreadsheet. In January 2026 a friend who runs a claims-management firm got a £105k ICO fine. Naz panicked. She tried to map who had consented to what and when. Klaviyo had a list. Brevo had a different list. The Gmail unsubscribes from replies never made it back to the platform. She had no idea if the freelancer was actually screening against the TPS register before dialling. The compliance consultancy quote came back at £18k for an audit plus £900/month retainer.

Then she finds a £29/month tool that connects to all four platforms, mirrors every unsubscribe across them within minutes, captures every form submission with IP and timestamp, and produces a one-click PDF evidence pack she can hand to the ICO if a complaint lands. The first time she generates the pack and sees 12 months of clean evidence, she breathes out for the first time since January.

Scores

How does this idea stack up?

7.4/10

medium confidence
🎯Opportunity
7/10

UK has ~5.5m SMEs, hundreds of thousands do outbound marketing. Existing tools are enterprise-priced. Real underserved segment.

🔥Pain
8/10

ICO fines of £105k to £225k in January 2026 alone. Search demand for "ico fines" sits at 590/mo. The PECR cap just went up 35 times.

🔧Feasibility
7/10

Standard SaaS plus 5 ESP integrations (Mailchimp, Klaviyo, Brevo, HubSpot, Gmail). API surface is well documented. 6 to 10 week MVP.

Timing
9/10

DUAA commenced 5 February 2026, 3 months before this research. The before/after moment is right now.

🕰️Durability
6/10

Demand persists (regulation isn't going away), but compliance tooling tends to get absorbed into ESPs over 3 to 5 years. Window is 2 to 4 years to build moat or exit.

🏋️Effort to Build
5/10

Five ESP integrations plus a defensible evidence model is a chunky build for one person. Not trivial.

Strongest

Timing

The DUAA fine increase is a textbook regulatory catalyst with a dateable trigger (5 February 2026).

Watch out

Durability

Mailchimp could ship a compliance pack feature in 18 months and squeeze the wedge.

Pain Point

The problem

ZMLUK did not have valid consent for the emails it sent, and the company had failed to take reasonable steps to prevent unlawful marketing activity.

ICO investigation finding, January 2026, leading to a £105k fine for one company sending 67.7 million emails on third-party data.

UK small businesses doing email, SMS or telemarketing now sit in a regulatory zone where the worst-case fine is 35 times larger than it was three months ago. The actual operational pain is fragmentation: consent gets captured in Typeform or a Webflow form, marketing happens in Mailchimp or Klaviyo, SMS goes through Brevo, occasional cold calls go through a freelancer or a small call centre. When an ICO complaint lands, the SME has to reconstruct from four or five tools whether this person consented, when, where, to what, and whether the business honoured their unsubscribe across every channel. Nobody currently does that mirroring. The ICO's own enforcement notices repeatedly cite insufficient due diligence on third-party data and no evidence of valid consent as the trigger for fines.
