Case Study : Tangible Markets

Bank-Grade Privacy for Faster Enterprise Growth

Tangible Markets

Overview

Tangible Markets is a global financial intelligence and liquidity platform serving institutional
investors. The platform processes sensitive financial behaviour data, deal activity, and
investor interactions. As the company grew, enterprise customers demanded stronger data
protection and governance.

Tangible Markets approached Kew Data Consultants to design and implement a mature
privacy framework that aligned with GDPR, UK DPA 2018, Swiss nFADP, and US state
privacy laws — while also improving commercial readiness, investor confidence, and
operational efficiency.

The Challenge

Before engaging Kew Data Consultants, Tangible Markets faced increasing pressure from
enterprise clients, partners, and regulators

No centralised GDPR/UK DPA governance
Missing DPIAs, TIAs, RoPA, retention rules
Unclear data flows across Slack, HubSpot, analytics, and infrastructure
No vendor management lifecycle
No formal privacy-by-design framework
Enterprise questionnaires slowing down sales
Limited evidence of compliance maturity for investors
Fragmented internal processes

The leadership team needed a structured programme that delivered real compliance and
commercial impact — not just paperwork.

Our Approach

Kew Data Consultants worked with Doodle to implement OneTrust Consent Management Platform (CMP) with full U.S. state-level compliance logic integrated across their digital ecosystem.

1. Platform Audit & Data Mapping

We analysed:
Backend and data architecture
Investor behaviour data & financial flows
Communications via Slack
CRM workflows via HubSpot
Analytics, tracking, and behavioural events
Cross-border data transfers (US ↔ EU/UK)
System integrations and microservices
Outputs Delivered:
High-level data flow diagrams
Risk map
Data inventory
Sub-processor mapping
Prioritised remediation roadmap

2. Governance & Documentation Framework

We designed and delivered a full suite of privacy documentation, including:
GDPR-compliant RoPA
DPIAs + LIAs
Full Transfer Impact Assessments (TIAs/DTIAs)
Data Retention Policy
Access Control Policy
Incident Response Playbook + Breach Workflow
Acceptable Use & Data Handling guidelines
Vendor Risk Management policy
Updated Privacy Policy & Cookies Policy
Customer-facing DPA with SCCs/IDTA
This became Tangible Markets’ Privacy Governance Framework v1.0.

3. Vendor & Client Assurance

To support enterprise onboarding:
We reviewed multiple vendor DPAs and sub-processor contracts
Built a vendor risk scoring system
Completed enterprise client privacy reviews
Drafted responses to due-diligence and risk questionnaires
Strengthened contractual protections
Provided documentation for procurement teams
This significantly improved sales velocity.

4. Privacy Operations Enablement

We established:
DSAR workflow (end-to-end)
Monthly governance cycles
Data retention and deletion workflows
Slack-based staff privacy reminders
Privacy-by-design checklist
Maturity scoring model

Business Outcomes & ROI

Just like our work with Doodle, the impact extended far beyond compliance.

1. Faster Enterprise Sales Cycles

Before our involvement, enterprise privacy reviews took 2–4 weeks.

After implementation, Tangible Markets reduced this to 2–4 days, due to:

Standardised documentation
Pre-drafted responses
Completed DPIAs/TIAs
Clear evidence of compliance maturity
Direct impact on revenue

2. Stronger Investor Confidence

The documented governance framework became an asset in fundraising conversations.

Investors gained confidence in:

Data handling practices
Risk management
Scalability of the platform
Legal readiness for enterprise acquisition
Stronger positioning for future rounds and potential acquisition

3. Reduced Legal & Operational Risk

We resolved critical risk areas:

Cross-border transfers
High-risk processing DPIAs
Lack of retention controls
Incident response gaps
Vendor contract misalignment
Unclear lawful bases
Quantifiable reduction in compliance and contractual risk

4. £30,000–£60,000 per year in Operational Savings

By creating:

Repeatable templates
Completed assessments
Vendor workflows
Ready-to-use client documentation
Pre-approved privacy answers
Engineering, legal, and product teams now spend far less time on compliance

5. Strong Data Quality & Governance

With structured retention rules, data mapping, and deletion policies:

Redundant data was removed
Storage practices improved
Mapping accuracy increased
Documentation remained standardised
Long-term reduction in storage costs and exposure risk

The Result

Metric	Before	After (6 Weeks)	Improvement
GDPR Programme	No unified GDPR programme	Full enterprise governance framework	Complete Framework Built
Assessments (DPIAs, TIAs, RoPA)	None in place	10+ assessments completed	Assessment Programme Active
Data Visibility	Unclear data flows	Full architecture & data mapping	Total Transparency
Enterprise Onboarding	Slow onboarding	2–4 day turnaround	Significantly Faster
Compliance Risk	High compliance risk	Documented mitigations in place	Risk Reduced
Vendor Management	No vendor management	End-to-end vendor lifecycle	Lifecycle Introduced
Retention Schedule	No retention schedule	Data lifecycle implemented	Lifecycle Controls
Response Handling	Ad-hoc responses	Standardised, repeatable answers	Structured + Consistent

Conclusion

Tangible Markets went from reactive, fragmented privacy practices to a bank-grade compliance posture in just six weeks.

The new governance model:

• Accelerated enterprise sales
• Reduced legal risk
• Strengthened investor credibility
• Improved data governance
• Built a foundation for SOC 2 and ISO 27001
• Enabled scalable privacy operations

Kew Data Consultants continues to support Tangible Markets as their privacy partner with monthly vDPO services, documentation updates, and privacy-by-design review for new features.