This is about a week old, but a pretty big deal. What a monumental screw up:
That the procurement procedure did not take into account how to handle classified data (let alone the bog standard data protection rules) is beyond comprehension. Well, not really: it is another piece of evidence that even supposedly capable procurement bodies do not understand technology or the implications arising from their choices. Let alone how to deal with the risks arising from the contract.