Bulletproof’s range of cyber security, data protection and compliance services are your best defence against threats to your business. With nearly a decade of providing trusted security services, we’re continuing our mission of solving the greatest cyber security & compliance challenges through innovation and simplicity. Explore our range of services and find out how Bulletproof can help your business.
Helping people solve their security challenges is what we do, so we’re always keen to hear from you.
Discover CREST penetration testing & continuous security
Internal & external infrastructure, network & system testing
Manage multiple tests & get external security assurance
Thoroughly assess your web apps & APIs for security flaws
Test your response to a simulated real-world cyber attack
All cloud platforms & services tested, including Azure & AWS
Test your human cyber defences with social engineering
Android, iOS & custom mobile application security testing
Find out more about penetration testing – what it is, when you need it, and why it’s a core component of any business. Discover how pen test helps with compliance, powers best practices, and helps your organisation win new business.
Gap analysis, implementation, audits & more from GDPR experts
On-going support to easily manage your data protection obligations
Consultant-led support to meet all levels of DSPT submission
Flexible & engaging data protection training from certified experts
Get peace of mind that your data protection is being managed by trusted, certified consultants. All Bulletproof data protection services are delivered by our highly trained, experienced and qualified staff.
Gap analysis, implementation, audits & more from dedicated ISO consultants
Find the next step in your strategy with this consultant-led assessment
Get quick & easy CE certification with a range of feature-packed packages
Flexible access to top-tier information security strategy & management
Experienced SOC 2 consultants, AICA audits & compliance automation platform
On-site, remote and video-based security training to boost your resilience
Affordable expertise & support to help you meet & maintain PCI DSS compliance
Go beyond compliance with information security services that are designed to give real operational benefits to your business. All delivered by seasoned, certified Bulletproof security consultants.
24/7 defence against cyber attacks with proactive threat detection
Get help responding & recovering from cyber incidents
Detect, analyse and stop cyber attacks with real-time prevention
Forensic support & data recovery following cyber attacks
Stay on top of new vulnerabilities with powerful, flexible scanning
Evaluate your wireless network for security weaknesses
Discover how your business can identify & manage cyber threats
Comply with regulations, meet certification standards & best practices
Train and test your staff for security resilience, data protection & compliance
No matter what your cyber or compliance challenges, Bulletproof is here to help. We like to work with you as a trusted partner to solve problems, not sell services. No pressure tactics and no false promises.
Learn about our mission to make cyber & compliance accessible to all
Grow your business with high-margin, high-value & partner-ready services
Become part of the Bulletproof team & supercharge your career
Bulletproof’s in-house SOC powers our Managed SIEM & MDR services
We love to talk. Tell us about your cyber & compliance challenges
At Bulletproof we love to solve problems with simplicity & innovation. It’s our mission to make compliance & cyber security services accessible to all. We take pride in building and nurturing teams of exceptional talent, so we’re confident that our cyber security & compliance services are the best way to stay one step ahead of the hackers and protect your business.
Helping people solve their security challenges is what we do, so we’re always keen to hear from you, no matter what you have to say.
Get the latest news, views & expert insight in the world of cyber security, data protection & compliance
A helpful index of cyber security terms, compliance acronyms and industry terminology to make life easy
Discover what we have to say about the threat landscape & what businesses need to know to get ahead
Find out how we can make companies like yours Bulletproof. Don’t take our word for it, hear direct from our clients
Detailed insights & helpful tips for understanding penetration testing, data protection & more
Interesting data & top tips at a glance, with insightful infographics covering all areas of cyber security & compliance
Watch our experts talk through their thoughts & opinions on a variety of security & compliance topics
See when & where we’re going to be bringing Bulletproof insight to an event near you
Ayisha Bari
Find out what ransomware is, how attacks work & types of attack to help you get started with keeping ransomware out of your business.
Read More
Digital cookies have become a ubiquitous tool in how websites identify visitors, understand their online behaviour, and make browsing more convenient for the user. Cookies are small text files which store data to identify your computer. Cookies aren't necessarily bad. They're useful for encryption, delivering webchats, improving marketing campaigns by personalising the content displayed, and many other digital services. This can make the browsing experience more enjoyable for a user by delivering customised messaging and preferences, such as retaining shopping carts, wish lists or remembering login information.
For domain owners, analytics cookies drive intelligence for marketing purposes, the efficacy of advertising and allow advertisers (including referrers) to be paid for advertising on a website. Analytics cookies are a form of a web audience measurement (WAM). These differ from digital cookies in that websites can collect information on how people are accessing them, how long users are spending on the site, the number of visitors, and how long each session lasts. Consent is an important factor with analytics cookies as they don't prohibit users from accessing websites and therefore would not form part of the user request to access a site. Public services such as the NHS use these same cookies to get the best value from and to understand engagement with public health or safety campaigns.
Despite the advantages, cookies are not without their problems. Privacy can be an issue as web browsers with cookies enabled will remember the websites you have visited. This information can then be accessed by third parties in the form of advertisers who then target ad campaigns to your browser. Some websites will simply not function as intended if users don't accept cookies. A user's e-commerce customer journey could also be less tailored without accepting cookies.
A user can be identified by a combination of their IP address, their browser version, and device information (online identifiers) as stated in Recital 30 of the GDPR. This allows the person to be digitally tracked without their knowledge. When cookies collect and store information about a user's online habits, it can be used for targeted ads and content. An example is when you're browsing for a new pair of shoes online. You may have spent some considerable time browsing without buying. Next time you visit a different website or Facebook, you may see targeted ads appear around the shoes you looked at. This is an example of cookies tracking your digital presence once they've been stored on your device. Another example could be searching Google for a mobile phone brand and subsequently being targeted with ads from that brand.
NoYB – European Center for Digital Rights is a legal activism project dedicated to the purity of privacy rights. Its aims are to launch court cases and initiatives in support of the GDPR, the ePrivacy Regulation (ePR), and information privacy in general. It launched 101 model cases in August 2020 – these are 101 complaints filed in 30 EU and EEA member states against companies which still unlawfully transfer website user data between the EU and US to Facebook and Google. The 101 complaints were also brought against Google and Facebook in the US for accepting data transfers, despite this being in violation of the GDPR.
On the 12th of January 2022, the Austrian data protection authority ruled that cookies which transfer personal data to the US, including analytics cookies, without valid consent from the individual are unlawful. A ban is expected to be enforced by the German authorities. The case surrounded an Austrian website's continuous use of Google Analytics and the resulting personal data transfers sent to Google which breached the GDPR. It was found that users were not properly informed of this data capture or given the option of opting-in beforehand. The ruling does not sanction Google themselves but targets the owners of websites using their services. Fines have not yet been imposed, nor has any compensation been awarded.
Cookies are useful and most websites will give users the option of accepting or rejecting the use of cookies during their sessions. But misuse of cookies can be intrusive, unlawful, and can breach regulations like the GDPR. Some of the biggest organisations in the world such as Google and Amazon have faced huge fines after they were found unlawfully using cookies. There are many upsides to businesses using cookies on their websites, however it is crucial to remember that not following the correct guidelines can cause financial and reputational damage. This was demonstrated with the recent Austrian DPA ruling concerning the use of Google Analytics and the unlawful capture and transfer of user data to Google. Transmission of personal data to non-approved jurisdictions without guaranteed protection of the data is a huge risk which is why the use of cookies should be clearly understood by organisations before implementing them onto their websites.
Richard is a seasoned senior GDPR and data protecton consultant who uses his experience in GDPR compliance to write with passion and insight on GDPR and data protection. Heading up Bulletproof's GDPR team, he makes sure that our services and individual data protection consultants are all at the top of their game.
Bulletproof's experienced data protection officers give your business on-going support and maintenance of your data protection obligations. Find out more about our flexible, cost-effective packages.
If you are interested in our services, get a free, no obligation quote today by filling out the form below.
I'd like to receive Bulletproof communications about relevant services and events
For more information about how we collect, process and retain your personal data, please see our privacy policy.