Bulletproof’s international man of compliance

Written by Luke Peach on 10/05/2019

Travel Tales: Bulletproof goes to Bangalore

Here at Bulletproof we’re an international business. Though most of our work is in the UK, we’ve expanded our reach to places including the USA, Europe (I was in Zurich at the beginning of the year) and most recently, Bangalore. Sometimes the life of a Bulletproof Compliance Consultant is as glamorous as you think. I’m often asked “what does a Compliance Consultant actually do?” To which I usually respond “Well, mum, it’s complicated, but the short version is, we go into companies and help them meet and maintain compliance with various regulations.”

At Bulletproof, we’re experts on a number of compliance packages, be it PCI, ISO or GDPR. If it’s got an acronym, we know all about it. So, out of these services, which one was it that lured me halfway across the world to India? Well, you might be surprised to learn it was GDPR.

If you're processing data on EU/UK citizens you have to be GDPR compliant. It's not optional.

Not just for the EU

The first leg of my journey involved a seven-hour flight to Dubai. Those of you who have ever glanced at a map will be able to confirm that Dubai lies somewhere outside of the EU, and I still had another four-hour flight to go.

Why was I flying to Bangalore then? Isn’t GDPR a piece of European legislation? Yes it is, but it’s about protecting the data of EU (and UK) citizens. If a company is collecting or processing data on EU citizens, they have to abide by these rules, regardless of where they are based. Whether you’re in the UK, the US, the Middle East or even a small independent business nestled in the depths of the Amazon, if you’re processing data on EU/UK citizens you have to be GDPR compliant. It’s not optional.

Bangalore (or Bengaluru) is often described as India’s Silicon Valley. It’s their technology capital and we live in a globalised world, so it’s natural to assume the businesses of this thriving city have a lot of dealings with EU and UK citizens. Why did they come to us? Well, we like to think it’s because Bulletproof are very good at what we do.

Road sign with various Indian locations
India’s Silicon Valley, complete with Helipad!

Implementing GDPR in India

I’m glad to say that, in my extensive travels, I’ve seen businesses across the globe taking data protection very seriously. However, I’ve also encountered organisations simply adding ‘we take data protection very seriously’ to their Privacy Notices and declaring the job done. Regardless of a company’s attitude, all GDPR compliance projects, gap analyses or DPO services start with me reading up on a company’s current processes and business practices to gain a general understanding of what stage they’re currently at. This reading is an important part of the whole process as it means:

  • I’ll know how your business works before we get stuck in
  • I get an idea of the stage you’re currently at
  • I can start working on improving policies and procedures straight away

In this regard, helping an organisation in India with their GDPR projects is much the same as any other organisation – that’s the beauty of GDPR.

Your rights as a data subject can be abused just as easily in the UK as anywhere else.

Let’s get to work

As a man who drives a car with all the modern safety features and who never goes a single mph over the speed limit, it was fair to say the journey into the Bangalore office was a new experience for me. I will say that spending fifteen to twenty minutes screaming is a good way to make sure you’re fully alert for the day’s work. I also saw a tiny scooter with no fewer than five people on it – a sight that will stay with me forever.

A lot of people get a bit tetchy when they hear their data is going to be processed here, there and everywhere. From my experience, there are responsible companies and irresponsible ones, and where they are in the world doesn’t make a difference. Your rights as a data subject can be abused (or outright ignored) just as easily in the UK as anywhere else. Fortunately, most companies appear to be taking their responsibilities seriously, which is where Bulletproof come in.

There are some key challenges with helping companies become GDPR compliant, which are sometimes made harder when working in other countries. For example:

  • The individual aspects of GDPR and how it can be enforced is rarely understood
  • Knowing how to implement an EU representative, why they are needed and what they do can be difficult to explain
  • Making GDPR training understandable and, more importantly, engaging can be more challenging when working through the filter of an alternative culture

My time in Bangalore was limited, so I had to make the most of it. Having scoured several documents on the plane, I was able to get started right away. We reviewed all relevant documentation and I pointed out what was good and what was lacking. I was then taken on a tour of the building to review the security in place and then we got down to the nitty-gritty of procedures. A gap analysis is the best place to start with any GDPR project as they’re a handy way to see what you’re doing well and put a plan in place to tackle the areas that need improving.


All work and no play...

On being asked to write this blog I was excited to unleash my inner Bill Bryson and start talking about the history, the sights, the culture, the landscapes and the delicious food. Then came the caveat that it has to be business-focussed with interesting and relevant links to our services.

So, challenge accepted. Brace yourself...

The local beer was delicious, and so cheap that I could almost justify a flight to India every Friday. The price in no way reflected a lack of quality: it was simply great value for money... much like Bulletproof’s penetration testing services. From app testing to red teaming, we’ve got you covered.

Despite my incredibly English palette (I can’t even handle BBQ flavoured pringles on a bad day), I found myself spoilt for choice at the dinner buffets. Aromatic rice, sumptuous spiced mutton and a range of vegetarian dishes meant there was something for everyone... just like there’s something for every business with our S.W.A.T. Defence® managed SIEM packages.

Then, after I’d eaten my fill, I was usually given a glass of what looked like grass, peppers and ice cream. Except it’s much nicer than that sounds. It was said to aid digestion and leave you feeling less bloated after a meal, leaving you perfectly satisfied. Which is much like how our customers feel after we’ve delivered that perfect audit report.

No matter where in the world you need us... we'll even jump in a Tuk-Tuk to get you the support your business needs.

Back home to bed

All in all, it was a rewarding trip. Having left another happy customer I feel confident in saying that we’ll be jetting off to India again soon to play our part in keeping people’s personal data safe and secure. All in a day’s work for this humble Compliance Consultant. There’s no telling where the next job might take me, Australia, Croydon... the moon, the possibilities are endless. No matter where in the world you need us, we’ll take trains, planes and even Tuk-Tuks to get you the support your business needs.


  • Bulletproof are CREST approved

    CREST approved

  • Bulletproof are ISO 27001 and 9001 certified

    ISO 27001 and 9001 certified

  • Bulletproof are Tigerscheme qualified testers

    Tigerscheme qualified testers

  • Bulletproof are a PCI DSS v3.2 Level 1 service provider

    PCI DSS v3.2 Level 1
    service provider

  • Bulletproof have 24/7 on-site Security Operations Centre

    24/7 on-site Security
    Operations Centre

Get a quote today

If you’re interested in our services, get a free, no obligation quote today by filling out the form below.

By submitting this form, I agree to the Bulletproof privacy policy.