Home / Blog / A Cyber Action toolkit for SMEs, the IPO raises fees by 25%, and professional drivers are authorised to use glucose monitoring technology

A Cyber Action toolkit for SMEs, the IPO raises fees by 25%, and professional drivers are authorised to use glucose monitoring technology

Today’s blog post places a spotlight on the NCSC’s brand new Cyber Action Toolkit which is free to small business owners, the IPO raises its fees for the first time in a number of years, and good news for diabetic professional drivers as they are now authorised to use glucose monitoring technology when at work.

NCSC Launches Free Cyber Action Toolkit to Help Businesses Boost Security

As previously reported, the National Cyber Security Centre (NCSC) has launched a new free Cyber Action Toolkit to help small businesses strengthen their cyber defences in a simple and affordable way.

The toolkit has been designed for businesses that may not have in-house IT expertise or large security budgets, offering clear, practical steps that can be implemented straight away.

Helping small businesses take action

NCSC recognises that many small businesses find cybersecurity daunting, perhaps feeling that it is too technical, too costly, or simply not a priority. The sheer volume of guidance available can also be off-putting. This all leads to feeling overwhelmed and leaving cybersecurity for another day.

The new Cyber Action Toolkit aims to change that by providing easy-to-follow actions that provide immediate protection, even for those new to cybersecurity. The format focuses on taking a series of simple steps rather than just reading through guidance.

According to NCSC, the Toolkit has been tested by more than 2,500 trial users with good results.

As one early user, copywriter Siobhan Strode, commented: “Having a guide was really helpful. I felt really motivated to tick actions off – they were quick to do.”

Why it matters for your business

Although many see cybersecurity as something that is more relevant to larger businesses, the NCSC advise that no business is too small to be a target. Small businesses are just as likely to experience online crime as larger ones.

To access the Cyber Action Toolkit, see: https://cybertoolkit.service.ncsc.gov.uk

IPO Announces 25% Fee Increase from April 2026

The Intellectual Property Office (IPO) has confirmed plans to raise its fees by an average of 25% from 1 April 2026, subject to parliamentary approval. The change will affect applications and renewals for patents, trademarks, and designs.

This marks the first major fee increase in several years, with some fees unchanged for more than two decades. The IPO says the rise is necessary to keep pace with inflation and maintain the quality of its services.

The change means most fees will go up by around a quarter. For example:

A patent search will rise from £150 to £200.
A trademark application will increase from £170 to £205.

Full guidance will be published early in 2026 to help those whose payments fall close to the transition date.

The IPO has also updated its ‘how to pay’ information online, including revised terms and conditions for deposit account holders.

If approved, the new fee structure will take effect from 1 April 2026. Until then, the current fees remain in place.

See: https://www.gov.uk/government/news/intellectual-property-office-fees-to-increase-from-april-2026

New Rules Allow Professional Drivers with Diabetes to Use Glucose Monitoring Technology

From 7 November 2025, professional bus, coach, and lorry drivers with diabetes are now allowed to use modern glucose monitoring technology such as Continuous Glucose Monitoring Systems (CGMS). These systems use sensors to track glucose levels in real time.

Until now, Group 2 drivers – those holding licences for buses and lorries – had to rely on finger-prick tests to check their blood sugar before and during driving. The updated rules now allow them to use CGMS, bringing them in line with Group 1 drivers (car and motorcycle), who have been able to use this technology since 2018.

From 7 November, bus, coach and lorry drivers:

Can now use CGMS for real-time glucose monitoring.
Must still pull over safely if they need to confirm a reading.

Tim Moss, Chief Executive of the DVLA, said the change is about making life easier for drivers with diabetes while keeping roads safe. He said that embracing modern technology will help thousands of professional drivers manage their condition more effectively and with greater confidence.

If you are a professional driver or employ drivers, this change should provide more flexibility and increase safety through real-time monitoring.

See: https://www.gov.uk/government/news/dvla-modernises-diabetes-rules-for-bus-and-lorry-drivers

ICO Consults on New Guidance for Investigations and Enforcement

The Information Commissioner’s Office (ICO) has opened a consultation on new guidance that sets out how it investigates potential data protection breaches and takes enforcement action.

Increasing transparency

The proposed guidance explains the processes the ICO follows when it suspects an organisation may have failed to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Key points in the draft guidance

The draft guidance sets out:

How the ICO decides whether to open an investigation or resolve concerns in another way.

What can be expected during an investigation.

How the ICO will use its information-gathering powers, including new powers under the Data (Use and Access) Act 2025 to require individuals to answer questions and organisations to provide reports.

How decisions on the outcome of an investigation are made, including when warnings, reprimands, enforcement notices, or penalty notices may be used.

When the ICO may consider a settlement with a reduced fine, and how that process works.

Updates to align with recent legislation

Once finalised, the new guidance will sit alongside the ICO’s Data Protection Fining Guidance, with the two forms of guidance replacing the current Regulatory Action Policy.

The Data (Use and Access) Act 2025 also extends the ICO’s investigatory and enforcement powers under the Privacy and Electronic Communications Regulations 2003 (PECR), bringing them broadly into line with the powers the ICO has under data protection law. While some differences remain, the ICO intends to apply a similar approach to both areas.

What this means for you

Where you act as a data controller or processor, awareness of this new guidance could be helpful in preparing for potential investigations and demonstrating good management of your data protection compliance responsibilities.

The consultation closes on Friday 23 January 2026.

To review the draft guidance and respond to the consultation, see: https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/2025/10/ico-consultation-on-data-protection-enforcement-procedural-guidance/

HSE Launches Consultation on Strengthening Asbestos Regulations

The Health and Safety Executive (HSE) has launched a public consultation on proposals to improve how the Control of Asbestos Regulations are applied and related guidance on asbestos management.

What the consultation covers

The consultation seeks views on three main proposals:

Ensuring independence and impartiality in the four-stage clearance process after asbestos removal, to further reduce the risk of exposure

Raising standards for asbestos surveys so that dutyholders have clearer, more reliable information to manage asbestos risks

Clarifying what types of work with asbestos fall under Notifiable Non-Licensed Work (NNLW)

The consultation will be of particular interest to dutyholders, asbestos analysts, removal contractors, surveyors, and professionals involved in facilities management and construction.

Rick Brunt, Director of Engagement and Policy at HSE, said: “Asbestos continues to be a significant risk to workers in Great Britain. While we have made significant progress in managing asbestos risks, these proposals represent an important step towards further strengthening protections for workers and the public.”

Minister for Social Security and Disability, Sir Stephen Timms, said that asbestos exposure continues to be responsible for more than 5,000 work-related deaths each year in the UK, making it the country’s biggest cause of occupational fatalities.

He added that the consultation aims to refine existing regulations to improve protection for both workers and the public.

What businesses should know

If you own, manage, or maintain buildings constructed before the year 2000, the consultation is a reminder that asbestos management remains a key compliance responsibility.

If you are involved in asbestos surveys, whether commissioning or carrying them out, or are involved in construction and renovation work, it could be worth reviewing the proposals.

The consultation runs until 9 January 2026. To read the proposals in full and respond, see: https://consultations.hse.gov.uk/hse/proposals-control-of-asbestos-regs-2012/

Employers Reminded of Duty to Prevent Sexual Harassment During Festive Season

As the festive season approaches, employers are being reminded of their responsibility to take reasonable steps to prevent sexual harassment at work events, including Christmas parties.

The Worker Protection Act 2023 imposes a preventative duty on employers to protect staff from harassment in the workplace – whether at their usual place of work or at work-related social events.

Heightened risks during festive events

Workplace parties are often positive occasions that bring everyone together, however, the combination of social settings, alcohol, and out-of-hours events can increase the risk of inappropriate behaviour.

Employers are being encouraged to plan ahead and take practical steps to protect staff and maintain a safe, respectful environment.

This does not mean cancelling festive activities, however there is a need to consider the potential risks and take reasonable steps to prevent harm.

What should you do?

The Equality and Human Rights Commission (EHRC) has published guidance for employers on what to consider when organising workplace Christmas parties. Their top three steps are:

Think ahead to prevent problems – these could include how you will manage alcohol, overnight accommodation and power imbalances.

Set expectations early and remind employees of company policies.

Consider the risk of third-party harassment, such as from other customers and members of the public.

More information can be found on the EHRC website.

For technical guidance on sexual harassment and harassment at work, see: https://www.equalityhumanrights.com/guidance/sexual-harassment-and-harassment-work-technical-guidance

Service	Name	Purpose	Expires
	PHPSESSID	This cookie stores a visitor's unique, randomly generated, session id and is used to pass information between site applications to enable them to function correctly. It is forcibly expired when the user closes the browser.	Expires on browser close
	nc_status	This cookie is used to optimise website traffic and distribution of services.	1 day
	nc_sid	This cookie is used to optimise website traffic and distribution of services.	Expires on browser close
	cookie_analytics	This cookie is used to define the option to enable or disable analytic and marketing cookies used for the website.	1 month
	ow_ac	This cookie is used to define whether cookiebar is displayed or not.	1 month
WordPress	wordpress_sec	This cookie stores a visitor's unique, randomly generated, session id and is used to pass information between content management system called WordPress to enable it to function correctly. It is forcibly expired when the user closes the browser.	Expires on browser close
WordPress	wordpress_logged_in_xxxx	Creates a session of the user currently logged into the website through the WordPress login page. This expires upon browser close.	Expires on browser close
WordPress	wp-settings-x	Wordpress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. This cookie is only applied to persons logging into the website through WordPress.	Expires on browser close
WordPress	wp-settings-time-x	Wordpress sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. This cookie is only applied to persons logging into the website through WordPress.	Expires on browser close
WordPress	_icl_current_language	This cookie allows the built in WordPress Multilanguage plugin, to store the user’s current language. This is critical for allowing the site to function properly.	1 day
WordFence	wfwaf-authcookie-(hash)	This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded. This cookie will only be applied for users who have logged into the website.	Expires on browser close
Litespeed	_lscache_vary	This cookie allows Litespeed to store the user’s login status, the role of current user and if it has admin bar showing or not.	2 days
Litespeed	ls_smartpush	This cookie allows Litespeed to store server settings to help with performance.	2 days

Name	Purpose	Expires
_ga	This helps us count how many people visit by tracking if you’ve visited before.	2 years
_gid	This helps us count how many people visit by tracking if you’ve visited before.	24 hours
_gat_irisOpenWebsite	This helps IRIS Software Group, the developer of the website, to monitor site performance for . The data collected is anonymous and is only used for analysing website performance overall.	24 hours
_gat	This is used for managing the rate at which page view requests are made.	Expires on browser close