B&B - About Us

Client Portal

About the company

We are a leading firm of Data Protection and Cyber Security Specialists based in Sheffield, UK. We help organisations to gain a competitive advantage in their sector through building trust, demonstrating accountability and securing information assets.

Operating in both the UK and internationally, we support clients in meeting their critical legal obligations in relation to Data Protection and Privacy. And support and minimise exposure to information risk through the deployment of appropriate monitoring, controls and remediation measures.

We are members of the International Association of Privacy Professionals (IAPP), employ CREST qualified Penetration Testers and hold the Cyber Essentials accreditation.


Bruce & Butler, as a member of the cybersecurity community committed to the prevention of all forms of harassment within our industry, hereby pledges its support for a workplace and community free from harassment and fear.

This pledge applies in the workplace as well as in work-related settings outside the workplace or outside the regular business day.


Matt Bruce

After training as an accountant, Matt founded the company in December 2014 and then incorporated the business in October 2015, aged 26.

Matt believed that with the ever accessible and advancing pace of technological change, particularly with the emergence of Cloud, Big Data, Analytics and Artificial Intelligence, the compliant, secure and ethical processing of personal data would form a top corporate risk in the future and would require added assurance protections to be in place.

Matt has delivered keynote addresses at conferences in the UK and internationally, with some in partnership with Microsoft.

Matt has also been shortlisted for the FSB Young Entrepreneur of the Year award 2020 and was inducted into the Business Insider 42 under 42 business leaders in 2018.


At Bruce & Butler we have a few messages that we try to convey to all our partners. These are our core values that run through the way we work and right through each engagement.

We are a personal but direct, no faffing, data protection and information security company with you positioned at the centre. Feel free to start a conversation, get in touch and talk to us about any of our services.

This is about authenticity. Like people, every business is different and understanding what your company represents helps us to position ourselves to partner and support you and the values you hold dear in the best way possible. We actively encourage our team to be themselves, to have a personality and express themselves in a respectful way.

Being brave is about taking ownership and having a voice. We are not the sort of firm who will just say “yes” for speed or simplicity, we will have a voice, we will present challenge where appropriate and we will dig into core issues when required. This is not about being reckless, but about understanding the wider risk landscape and taking appropriate actions and decisions when they are required and in a timely manner.

Put simply, there will be no surprises. Transparency and communication are both key to ensuring that any challenges we face are tackled appropriately and are overcome as efficiently as possible. This is how we run our engagements, you will always be updated and informed – but not badgered.

There is no “I” in team. We share in each other’s success and learn from each other’s opportunities to improve but at the end of the day, everyone is always supported. That is something we believe creates a better service and gets you the best solution tailored to you. Being accountable and securing your data is very important and needs collaboration and team work to get the best results.

Contact Us

Drop Us a line

Contact Us

  • This field is for validation purposes and should be left unchanged.