A Data Protection Officer (DPO) is a lot like a little angel on your shoulders, except instead of a little harp, they have a complete understanding of GDPR and other data protection laws. Their job is to make sure you don’t listen to the devil on your other shoulder encouraging you to do all sorts of non-compliant things, like process data unlawfully or without permission. In business language, they are responsible for overseeing data protection strategy and implementation to ensure compliance.
Quite a lot is the short answer, but as you’re probably here to read the specifics, I’ll elaborate. The core tasks of a DPO are:
One thing to remember about that last one: contacting the ICO is something the DPO has to do in the event of a data breach which puts data subjects at risk. Whilst a data breach of this kind can pose the risk of a fine, this is a legal obligation. Don’t get mad at your DPO when they do this. It’s like if a child breaks their mum’s lamp; they’ll be in more trouble if she finds out herself than if they come clean straight away and apologise. Believe me, the fines can be far more severe than a week’s grounding.
What sort of person should you look for to be your DPO? You certainly don’t want any old Tom, Dick or Harriet guessing their way through and going along with whatever you say. You want someone who’s willing to stand up for what is right and who lives and breathes data protection.
Your ideal DPO must be:
Yes. No. Maybe? It depends. Under GDPR, you must appoint a DPO if:
Don’t do any of that stuff? Then technically, you don’t need one. Hooray! Though, think really hard about it, as, like all legal speak, it is a touch vague and open to interpretation. Check out our previous data protection officer blog for a more in-depth look at the above.
Whilst you may not need one under GDPR, you can still get one voluntarily if you’re the cautious type or if you think you’re going to fall into one of those categories in the near future. Make sure whoever you appoint doesn’t have a conflict of interest in fulfilling their DPO services. Whether you appoint one or not, you must document this along with your reasoning to appease the ICO when they come questioning. Watch a Bulletproof expert explain more about appointing a DPO in this video:
The best place to put them is in their own department. You can’t have them working under a sales, marketing or support manager because these are core business functions and your DPO may become biased (unintentionally or not) as a result.
If you were to plot the DPO position on your company tree, it would be on the branch just below the highest manager possible. In most cases, this is the big boss CEO, though it can be a different C-Level position so long as it won’t cause conflicts of interest or bias. We’re all responsible for data protection, but the CEO is responsible for the whole business and will take ultimate responsibility for any fines incurred if the company makes a booboo.
By now, you’re probably thinking, ‘oh great, now I have to shell out a hefty salary for a DPO.’ Well… not necessarily. The question you have to ask yourself is, am I processing enough data to warrant hiring a full-time DPO?
For most SMEs, the answer is almost always no, in which case an outsourced DPO makes the most sense. Getting the position outsourced means you’ll get someone who is already trained and, crucially, independent from the rest of the business. Perhaps most importantly, you’ll only pay for the time they’re needed for.
Outsourced DPOs are not a solution for enterprise-class organisations or businesses that process vast amounts of data — they will require a full-time DPO. But for the rest of us, outsourcing just makes sense. Either way you choose to do it, having a data protection officer on board will help your business become compliant with GDPR and maintain the best standards of data privacy.
Luke is Bulletproof’s Head of Compliance, and can often be found coming up with new, innovative, and entertaining ways to evolve our compliance services portfolio. His passion for compliance and business insights always comes through in his articles.