As you may be aware, prior to the end of 2020 there was a lot of debate about what would happen to GDPR on 1st January. Given that the trade negotiations went down to the wire, we were all left in the dark until the deal was done on Christmas Eve. But what are the main headlines from this deal and, more importantly, what do they mean for UK businesses?
Probably the most important outcome of the deal is that data transfers can continue, both from UK to EU and from EU to UK, for at least another 4 months. There’s also the possibility that this could be extended to 6 months. Whilst the UK Government had already advised UK businesses that they could continue to transfer personal data from the UK to the EU, there was no such agreement for transferring EU data to the UK. This deal has thankfully changed that, meaning that bilateral data transfers are guaranteed for 4-6 months.
During this time the UK will attempt to achieve a so-called ‘adequacy decision’ that will allow data transfers to continue after this 6-month period without the need for any additional safeguards. In simple terms, an adequacy decision is where the EU looks at our data protection regulations and determines if they’re good enough to be considered ‘safe’. Whilst the industry is hopeful that an adequacy decision will be achieved, there’s no guarantee. In case it isn’t, the ICO is advising UK companies to use the 4-6 month breathing space to prepare for a bad outcome.
There are two options for dealing with a situation where an adequacy decision is not made, namely Standard Contractual Clauses (SCC) or Binding Corporate Rules (BCR). In order to do either of these, there’s a certain amount of work you need to do up-front, notably making sure you’ve mapped your data flows. This is so you fully understand inter-company and intra-company data transfers from the EU to the UK.
Standard Contractual Clauses can be a straightforward solution and apply to both inter-company and intra-company transfers. But they come with a word of warning: there are some new versions of the contract clauses currently awaiting adoption by the European Commission. It’s anticipated this will happen in the first few months of 2021, so you may want to wait for the new versions to come out before implementing SCCs.
Larger enterprises may elect to go the other route and use Binding Corporate Rules to transfer personal data between branch offices in the EU and the UK. However, BCRs are strictly for intra-company transfers only – they don’t apply to transferring personal data between companies. These too come with a word of caution: the ICO is no longer able to approve BCRs. Instead, your BCRs will need to be approved by a supervisory authority from within the EU.
Whilst transfers take up most of the Brexit headlines, they’re not the only concern. One other area which has caused confusion following the announcement of the trade deal is the need for EU Representation. Many people mistakenly think that because the trade deal has given us a stay of execution on data transfers, this also applies to the need for EU Representation. That’s not the case. If you are offering goods and services in the EU, or monitoring data subjects’ behaviour in the EU, you will need to appoint an EU Representative. They need to be physically based within the Union, and you’ll also need to make sure their contact details have been added to your privacy notices and that they have a copy of your records of processing.
Though the trade deal was reached at the last minute, UK businesses have been given 4-6 months of breathing room in which to start preparations for a variety of eventualities. Whilst we once again wait with uncertainty, this time to see if an adequacy decision will be reached, wise business leaders will be putting wheels in motion to prepare for either outcome, most likely in the form of SCCs and/or BCRs.
As Managing Director of Bulletproof, Nicky’s responsible for innovating and evolving Bulletproof’s compliance services. With a varied and interesting career, Nicky shares amazing insight that directly helps businesses overcome their security and compliance challenges.