Ayisha Bari
A Data Protection Officer (DPO) is a lot like a little angel on your shoulders, except instead of a little harp, they have a complete understanding of GDPR and other data protection laws. Their job is to make sure you don’t listen to the devil on your other shoulder encouraging you to do all sorts of non-compliant things, like process data unlawfully or without permission. In business language, they are responsible for overseeing data protection strategy and implementation to ensure compliance.
Quite a lot is the short answer, but as you’re probably here to read the specifics, I’ll elaborate. The core tasks of a DPO are:
One thing to remember about that last one: contacting the ICO is something the DPO has to do in the event of a data breach which puts data subjects at risk. Whilst a data breach of this kind can pose the risk of a fine, this is a legal obligation. Don’t get mad at your DPO when they do this. It’s like if a child breaks their mum’s lamp; they’ll be in more trouble if she finds out herself than if they come clean straight away and apologise. Believe me, the fines can be far more severe than a week’s grounding.
What sort of person should you look for to be your DPO? You certainly don’t want any old Tom, Dick or Harriet guessing their way through and going along with whatever you say. You want someone who’s willing to stand up for what is right and who lives and breathes data protection.
Your ideal DPO must be:
Yes. No. Maybe? It depends. Under GDPR, you must appoint a DPO if:
Don’t do any of that stuff? Then technically, you don’t need one. Hooray! Think really hard about it though, because like all legal speak it is a touch vague and open to interpretation. Check out our previous data protection officer blog for a more in-depth look at the above.
Whilst you may not need one under GDPR, you can still get one voluntarily if you’re the cautious type or if you think you’re going to fall into one of those categories in the near future. Make sure whoever you appoint doesn’t have a conflict of interest in fulfilling their role as a DPO. Whether you appoint one or not, you must document this along with your reasoning to appease the ICO when they come questioning.
The best place to put them is in their own department. You can’t have them working under a sales, marketing or support manager because these are core business functions and your DPO may become biased (unintentionally or not) as a result.
If you were to plot the DPO position on your company tree, it would be on the branch just below the highest manager possible. In most cases, this is the big boss CEO, though it can be a different C-Level position so long as it won’t cause conflicts of interest or bias. We’re all responsible for data protection, but the CEO is responsible for the whole business and will take ultimate responsibility for any fines incurred if the company makes a booboo.
By now, you’re probably thinking, ‘Oh great, now I have to shell out a hefty salary for a DPO.’ Well… not necessarily. The question you have to ask yourself is: am I processing enough data to warrant hiring a full-time DPO?
For most SMEs, the answer is almost always no, in which case an outsourced DPO makes the most sense. Getting the position outsourced means you’ll get someone who is already trained and, crucially, independent from the rest of the business. Perhaps most importantly, you’ll only pay for the time they’re needed.
Outsourced DPOs are not a solution for enterprise-class organisations or businesses that process vast amounts of data — they will require a full-time DPO. But for the rest of us, outsourcing just makes sense. Either way you choose to do it, having a data protection officer on board will help your business become compliant with GDPR and maintain the best standards of data privacy.
Luke is Bulletproof’s Head of Compliance, and can often be found coming up with new, innovative, and entertaining ways to evolve our compliance services portfolio. His passion for compliance and business insights always comes through in his articles.