From Spreadsheets to Scalable Software – Mark Roebuck’s Journey with ProvePrivacy - E10

In this episode of Software Meets Business, we sit down with Mark Roebuck, founder of ProvePrivacy, to explore his journey from accidental data protection consultant to SaaS entrepreneur. Mark shares how his frustration with Excel’s limitations in managing GDPR compliance led him to build a scalable software solution—only to later discover he had competition he never anticipated.

We dive into:

• The moment Mark realised spreadsheets were breaking down

• How an Upwork contractor changed the entire direction of ProvePrivacy

• Navigating outsourced development vs. hiring locally

• The importance of pricing perception—why being too cheap almost killed sales

• Lessons learned from building software from scratch and securing funding

WATCH NOW ON YOUTUBE

FOLLOW US ON TIKTOK

[00:00:10]

Rich: Welcome to another episode. Today, I’m joined by Mark Roebuck, founder of PruPrivacy.

Mark: Thanks for having me.

[00:00:30]

Rich: Let’s start with a bit of background. How did you end up founding PruPrivacy?

Mark: I’ve been a self-employed project consultant for most of my career, mainly in organisational design and IT. While I wouldn’t call myself an IT project manager, I’ve always worked on the business side—helping organisations understand IT. I’m a tech geek at heart, but I’m also good at talking to people, which helped me bridge that gap. Through my work, I was exposed to countless projects involving data and systems. One of the major projects I worked on was separating TSB from Lloyds Banking Group, where I helped build TSB’s property function. That experience gave me a solid understanding of organisational decision-making and data usage. When GDPR came into effect, I decided to take some data protection training to enhance my skill set. Days after completing the course, I was pulled into GDPR compliance work. It wasn’t my original plan, but it turned out to be a great fit, and I soon found myself working as a data protection consultant.

[00:02:30]

Rich: So PruPrivacy started from your experience consulting on GDPR compliance?

Mark: Exactly. While consulting, I’d leave organisations with compliance tools based on Microsoft Excel and SharePoint. But I knew that once I left, those tools would start falling apart. Excel simply wasn’t built for tracking complex data relationships, and without a structured process, organisations weren’t maintaining them. I realised there had to be a better way. So I set out to develop a platform that would do everything Excel could—but in a more structured, scalable, and reliable way.

Rich: That’s a common story—businesses starting with spreadsheets until they become unmanageable. So you saw a gap in the market and decided to build something?

Mark: I thought I had a unique idea. It wasn’t until I was deep into development that I realised there were other players in the market. That was probably my first mistake—not researching the competition thoroughly. But in hindsight, it didn’t really matter. The gap still existed, and I knew I could offer something better.

[00:05:30]

Rich: What were your next steps? Did you have a background in software development?

Mark: Not directly, but I had experience working with developers. Initially, I planned to build the platform on WordPress, using a developer I had worked with on an e-learning project. He was based in India and had been great to work with. However, he was upfront with me—WordPress wouldn’t cut it. It lacked security and scalability. He effectively talked himself out of a job, but he gave me great advice: if I was serious about the product, I needed a proper development approach.

Rich: That’s a rare level of honesty from a developer!

Mark: It really was. So I started looking at options. I needed a cost-effective but reliable team. UK developers were three to four times more expensive than overseas teams. Since I understood product ownership, I figured I could manage an offshore team myself. I ended up using Upwork to shortlist three options: a UK company, a Dutch company, and an Indian company. The UK option was far too expensive. The Dutch company was essentially a one-man show with a couple of freelance developers, which felt too risky. The Indian company, however, was well-established and had a proper team in place. What sealed the deal was that their CEO was actually in the UK at the time. He found my contact details, reached out, and asked to meet for a coffee. That meeting gave me confidence—he was genuinely interested in my success. That personal touch made a huge difference.

[00:10:00]

Rich: That’s a great example of the importance of trust in software development partnerships. Did you encounter any challenges working with an offshore team?

Mark: Definitely. One of the biggest was communication. Even when developers speak fluent English, technical discussions can be tricky. Accents, phrasing, and minor misunderstandings can lead to costly mistakes. For example, when we were implementing single sign-on, I wanted to use the client’s Microsoft Azure for authentication. The developers misunderstood and built it using our Azure, meaning every client would have needed an account on our system. It wasn’t until I saw the proof of concept that I realised the mistake. It was a classic case of assuming we were on the same page when we weren’t.

[00:15:00]

Rich: That’s a key takeaway—always double-check that what’s being built is actually what you asked for.

Mark: Exactly. In an agile environment, you have to stay involved. Weekly check-ins are essential, and you need to challenge anything that doesn’t seem quite right.

Rich: Let’s talk about funding. You mentioned you started with your own money—how did that evolve?

Mark: I was lucky to have savings from my consulting work, which I used to fund the initial development. But as I expanded the product, I needed more capital. I found a grant scheme called PAPI (Product and Process Innovation), which was offering up to £20,000 in matched funding. That meant if I spent £60,000, they’d cover £20,000 of it. The catch was that I had to commit to hiring at least one full-time employee. The application process was intense. Writing the business case took a few weeks, but the hardest part was forecasting sales and revenue. Let’s be honest—those early projections are often just educated guesses. We originally priced the product at £1,200 a year, thinking we were being competitive. But when we went to market, people thought it was too cheap to be credible. We raised the price, and suddenly, we started getting interest.

[00:22:00] Rich: That’s a great insight—pricing can be as much about perception as value. What does PruPrivacy offer today?

Mark: Our platform helps organisations manage data protection compliance. The key features include: • Record of Processing Activities (ROPA) – Tracks what data an organisation uses and how it’s managed. • Breach Management – Helps organisations handle and report data breaches. • Data Subject Access Requests (DSARs) – Automates responding to customer data requests. • Risk Management – Identifies gaps in compliance and tracks mitigation efforts. • Policy Management – Stores and tracks internal policies and procedures. • ISO 27001 Controls – Helps businesses manage security controls for certification.

The system is designed to be simple enough for non-experts to use while providing compliance teams with the tools they need.

[00:28:00] Rich: You’ve landed some notable clients—can you share any names?

Mark: We’ve got clients across different sectors, including integrated care boards in the NHS, universities, and global companies like Navitas and Renishaw. We also work with life sciences companies, some with as few as 15 employees. The platform scales from small businesses to FTSE 250 firms.

Rich: That’s impressive. What’s next for PruPrivacy?

Mark: Right now, we’re focused on growing the customer base and refining the platform. Future plans include:

•	Expanding risk management to cover organisational risks, not just data protection.
 
•	Enhancing asset management to give IT teams better oversight of data flows.
 
•	Strengthening integrations with security tools and compliance frameworks.

[00:32:00]

Rich: Finally, what advice would you give to someone developing their own software product?

Mark: Stay focused on what customers actually need. Some features we built ended up being underused because we assumed they’d be valuable without validating demand. Agile development is great, but don’t go too far off track before confirming there’s a market for what you’re building.

Rich: Great advice. Thanks for joining us, Mark—it’s been a fascinating discussion.

Mark: Thanks for having me.