GDPR recently breezed past its second birthday and, like many two-year-olds, continues to cause concern and confusion for those who have to deal with it. Unlike real two-year-olds, however, GDPR is quite clear in what it demands and there could be big consequences if they are not met. Watch a webinar from our compliance experts on how to tackle GDPR for your business:
For businesses, failure to meet GDPR’s requirements represents an increased risk of data breaches, along with the reputational damage and legal repercussions of non-compliance. These risks are not inconsiderable: the reputational damage alone is often enough to wipe out a business.
So, with so much resource and support available for GDPR, why are so many organisations still struggling with it?
Using our two years of lessons learnt, this blog will examine what companies are still getting wrong and show what can easily be done to solve the challenges.
We saw that a great number of UK organisations didn't do anything in the period from 2016, when GDPR was adopted, to 2018 (the implementation deadline). As the deadline loomed on 25th May 2018, I’m sure we all remember emails flooding our inboxes from companies desperately wanting to still be able to market to us. There were articles and comments galore on the subject of GDPR, theories of instant enormous fines, and then... nothing happened. The clock ticked over to May 26th, and too many companies thought "oh it's over now, I'll just carry on".
The lack of media coverage combined with the lack of high-profile ICO action over the last two years has only encouraged this attitude, and we see a lot of companies say "it doesn't matter, the ICO won't fine us”. As a result, GDPR gets pushed further down the corporate agenda and the risks (as outlined in the first paragraph) continue to grow.
The solution to this is education, education, education. The ICO themselves ran a lot of awareness campaigns in the run-up to GDPR, but these were aimed at data subjects and their rights, rather than at businesses and their obligations. The result is that the public are much more aware of their rights and are more sensitive to privacy implications, meaning companies are much more likely to get challenged (and reported) by data subjects over their dodgy data use. But educating data subjects has come at the cost of clarity for businesses.
To fill this knowledge gap, the open market has had to step in to drive up the standard of corporate awareness. This is something we at Bulletproof work hard to promote. For example, in our webinar we share insights into why companies fail to meet the requirements of GDPR, as well as how they can rectify it.
The past two years have seen many high-profile data breaches. If I say BA, Marriott and (more recently) easyJet, you’ll know what I mean. But despite the high-profile fines associated with these events (BA was fined £183m), the ICO isn’t very active. The headline-grabbing £18 billion loss that easyJet are facing is from a class-action lawsuit, not a regulatory fine.
In fact, compared to other Supervisory Authorities, the ICO barely registers. In a list of the most recent fines, the ICO isn’t even in the top 50, with the likes of Italy, Greece, Spain, Bulgaria, Hungary, Iceland, Denmark (and many more) all issuing multiple fines in the same period. But it’s important to note that this inactivity isn’t a result of policy – it’s a result of under-resourcing.
The Information Commissioner herself, Elizabeth Denham, was warning of a critically under-resourced ICO as early as 2017. The ICO simply doesn’t have the capacity to investigate and take action on all the cases they want to (in case you’re wondering, the fines levied by the ICO go directly to the Treasury). This further perpetuates the idea, especially at the smaller end of SMEs, that “the ICO won’t fine me”. Which is a bit like poking a sleeping dragon with a stick. It’s fine, until it wakes up. As the rights of data subjects move up the political agenda and data subjects themselves feel empowered to report your business, the ICO dragon will awaken. And then it’s coming for your business.
Indeed, this perceived inactivity is no reason to ignore GDPR. To illustrate this point, look at the case of the ICO’s first ever GDPR fine. A pharmacy in North London was fined £275,000 for carelessly storing documents containing patient data. So it’s clear that ICO action is real, and so are the fines.
Whilst we’re on the subject, ignoring the financial risk is also ignoring the non-financial risks to your business. The reputational damage caused by a data breach could destroy your business quicker than a large fine. The solution for both these issues is the same: act now. The best time to start your GDPR project is 2 years ago. The second-best time is right now. Don’t forget that GDPR isn’t some exotic foreign legislation – it’s enshrined in UK law as the Data Protection Act 2018. Directors don’t ignore a company’s other legal obligations like tax, or employee entitlement to work checks (and so on), so why ignore GDPR? Our advice is to take all your legal obligations seriously and become GDPR compliant before it’s too late.
Moving away from regulatory matters, let’s dive into organisations. Much like ISO 27001, GDPR needs senior management buy-in to succeed. Bulletproof has repeatedly seen that without senior management buy-in, a company’s GDPR efforts fail. Without an example being set, no-one else in the company will bother. GDPR needs to be seen as a core corporate priority that spans all layers of the business.
That’s not the biggest problem with not having management buy-in, however. The biggest hurdle is resourcing. Without top-down support, even a well-managed GDPR project will struggle with budget and resource for external help, internal training, and giving staff time to do the work required. Building internal teams to take on GDPR responsibility only adds to the resource cost, which is why many organisations gain senior management buy-in with cost-effective outsourcing models that deliver expert GDPR knowledge for much less cost, and much less hassle.
Finally, we have companies who realise the risks, have got management buy-in, have committed to doing GDPR, and go right through the process from top to bottom. Sounds great, but problems can still arise.
True GDPR compliance is not a one-and-done exercise. It can require a lot of work for some organisations, and when you get over the initial hurdle, it’s tempting to stick it on a shelf and call it complete. But without constant review, your compliance will very quickly be broken – and you won’t even know it. GDPR is transformative and needs to be built into day-to-day business as usual. GDPR is only successful when it gets embedded in the culture of a business.
This means that someone, somewhere needs to take ownership of data privacy and GDPR within your organisation. They need to work across all departments to bring it all together. Even with management buy-in, this can be a daunting prospect. Data protection expertise isn’t cheap, and there might not be the volume of work for a full-time staff member. It’s for these reasons that outsourcing of this role is rapidly gaining popularity, as it delivers top-tier GDPR and data protection expertise on a cost-effective retainer. Bulletproof’s expert Data Protection Officers undertake this responsibility for many companies, saving them time and money, and keeping them compliant with GDPR.
To recap, here are the four lessons we’ve learnt from the last 2 years of GDPR.
Don’t think that because the implementation deadline has passed that you’re out of the woods. As time goes by, GDPR non-compliance puts your business more at risk than ever.
The ICO has, and does, fine companies for non-compliance. Don’t ignore the very real risks that fines and reputational damage present to your business.
Without senior management buy-in, your GDPR project will fail. Given that cost is an ever-pressing concern, presenting the board with a cost-effective outsourced model can help.
GDPR compliance is a living process that needs to be seamlessly embedded into your business-as-usual operations. As with implementation, maintenance can also be achieved more easily and cheaply with an outsourced option.
Joe is a blogger and security evangelist who’s been raising the profile of cyber security for a decade. He writes about a variety of cyber and compliance topics, with a keen eye on translating events and data into valuable customer insights. Never boring, sometimes controversial, always insightful.