#dataprotection Archives - The Software Bureau

Third Party Data Breaches Highlight the Need for Strong Vendor Security

#databreach, #datasecurity, #infosec, Data Security, GDPR, The Software Bureau

Third Party Data Breaches Highlight the Need for Strong Vendor Security

By Martin|2025-10-20T16:16:30+00:00October 20th, 2025|

At The Software Bureau, we take information security seriously. Our recent retention of the ISO 27001:2022 certification reflects our ongoing commitment to protecting sensitive data and maintaining the highest standards of security across our operations. However, the recent data breach involving LNER’s customer communications database, managed by a third party supplier - https://www.printweek.com/content/news/lner-data-accessed-in-customer-comms-breach, is a stark reminder that security must extend beyond internal systems. Reports indicate that unauthorised access was gained through a supplier, compromising customer data and raising serious concerns about vendor oversight. This incident reinforces a critical point. Your organisation’s data security is only as strong as the weakest link in your supply chain. While The Software Bureau does not share any customer data with third parties, we [...]

The Software Bureau Retains ISO 27001:2022 Certification

#datasecurity, Compliance, Data Security, GDPR, The Software Bureau

The Software Bureau Retains ISO 27001:2022 Certification

By Martin|2025-10-09T11:27:26+00:00October 9th, 2025|

We’re proud to announce that The Software Bureau has once again successfully retained its ISO 27001 certification. This achievement isn’t just a piece of paper on the wall for us. It’s a reflection of how deeply Information Security runs through everything we do. We take data protection seriously because we know the devastating impact that a breach of GDPR can have on any business – including our own. Protecting information isn’t just about compliance; it’s about trust, integrity and responsibility. Our dedicated Information Security team leads the charge. They hold senior positions within the business and carry significant responsibility to ensure our processes, systems and people remain aligned with the highest standards of security. Their expertise and vigilance mean our [...]

A Data Protection Update

#data, #databreach, #datasecurity, #infosec, Data accuracy, Data Hygiene, Data Processing, Data Security, GDPR

A Data Protection Update

By Martin|2024-06-04T08:32:56+00:00June 4th, 2024|

Last week marked the sixth anniversary of the General Data Protection Regulation (GDPR), a landmark in data protection that revolutionised how personal data is handled across Europe. However, as many people reflect on GDPR's impact, the future of data protection regulation in the UK hangs in the balance following the recent mothballing of the Data Protection & Digital Information Bill (DPDI). The Demise of DPDI The Government’s decision to exclude the DPDI from its “wash up” process, a fast-track mechanism for essential legislation before Parliament is dissolved, has led to significant uncertainty. Initially introduced in 2021, the DPDI aimed to modernise the UK's data protection framework. However, it was still navigating the committee stage in the House of Lords when [...]

Top 10 sectors that fail to report data breaches revealed

#databreach, #datasecurity, #infosec, Data accuracy, Data Hygiene, Data Processing, Data Security, GDPR, Industry

Top 10 sectors that fail to report data breaches revealed

By Martin|2024-05-24T11:34:57+00:00May 24th, 2024|

As we ‘celebrate’ the 6th birthday of GDPR a new study finds that over half of all data breaches in the UK in 2023 were not reported within the required 72-hour window. The report from Hayes Connor revealed the sectors with the worst track record. These were: Local Government: 51.32% General Business: 49.16% Marketing: 47.50% Justice: 47.06% Regulators: 46.81% Membership Associations: 46.67% Online Technology and Telecoms: 45.37% Media: 45.16% Central Government: 44.57% Retail and Manufacture: 43.94% Failing to report a breach within this timeframe can result in significant fines of up to £17.5 million or 4% of global turnover, whichever is higher. However, in practice, most firms receive minimal penalties. A key finding of the research is that in the [...]

Are we any closer to UK data protection laws?

#data, #databreach, #datasecurity, #hacking, #infosec, Analytics and data science, Data Hygiene, GDPR, Industry

Are we any closer to UK data protection laws?

By Martin|2024-02-27T07:30:25+00:00February 27th, 2024|

Ummmm – in a word, no…. Last week Secretary of State Michelle Donelan brought the Data Protection and Digital Information (DPDI) Bill back into the House of Commons to secure an extension. Its expiration has now been extended by 280 days, setting a new deadline of December 12, 2024. This extension was critical; without it, the bill faced lapsing on March 8, 12 months after its initial presentation. Following a second reading before Christmas, the DPDI Bill will now make its way through the House of Lords. However, the timeframe for this phase remains a subject of much speculation among political and data circles – particularly with an election looming. One of the more formidable tasks confronting the Lords is [...]

2024: A year for data protection regulation reform?

Compliance, Data accuracy, Data Hygiene, Industry

2024: A year for data protection regulation reform?

By Martin|2023-11-27T12:14:35+00:00November 27th, 2023|

Following its airing at the recent King’s Speech the much-discussed Data Protection and Digital Innovation Bill (DPDI) will have its ‘remaining stages’ in the House of Commons on 29 November. There are 21 possible amendments to the Bill all most of which have been referred to as ‘common-sense’ and it is expected to fly through parliament, meaning it is likely to become law early next year. The DMA supports the ratification of the Bill having been heavily involved in shaping many of its elements. Key differences to GDPR include: How personal data is defined Under DPDI information will only be considered as identifiable by a person other than the controller or processor if that other person obtains the information as [...]

Data Breach Debacle: Electoral Commission’s 300-Day Delay in UK’s Largest Hack in History!

Data Security, GDPR

Data Breach Debacle: Electoral Commission’s 300-Day Delay in UK’s Largest Hack in History!

By Martin|2023-08-10T08:42:57+00:00August 10th, 2023|

On the ICO website it clearly states that organisations suffering data breaches must report it within 72 hours of being made aware of the breach. Lets be clear 72 hours. That equates to three days, Not the 300 days it has taken the Electoral Commission to fess up to THE BIGGEST data breach in UK history. For those that have missed the headlines The Electoral Commission reported a breach on 8th August 2023 having discovered in October 2022 that hackers were playing fast and loose with its systems since August 2021. This includes unfettered access to the names and addresses of at least 40 million people registered to vote between 2014 and 2022. Oh dear. The eagle eyed of you [...]

The end of the road for GDPR?

Uncategorized

The end of the road for GDPR?

By Martin|2022-10-05T14:56:16+00:00October 5th, 2022|

Is the UK going to be free of the constraints of GDPR? If Michelle Donelan’s speech at the Conservative Party Conference is anything to go by, then GDPR’s days in the UK are numbered. The new secretary of state for Digital, Culture, Media & Sport said GDPR had been inherited from the EU, and its bureaucratic nature was limiting the potential for businesses. She announced that the UK would be replacing GDPR with its own business and consumer-friendly, data protection system. It wasn’t clear if this was to be the Data Protection and Digital Information Bill (which itself has superseded the Data Reform Bill), or an entirely separate initiative. Whichever it may be, apparently the plan is to protect consumer [...]