EU representation isn’t a new thing – it’s a core component of the GDPR – but it has become something that UK companies need to be aware of post Brexit. Up until 31st December 2020, UK companies didn’t need to worry about having an EU representative, as the UK was a part of the EU. Now things have changed, and many UK businesses need to find an EU data representative in order to maintain compliance with EU GDPR.
The purpose of an EU representative is to be a point of contact for both the data subjects based in the EEA and the Supervisory Authorities in the EEA. Effectively, an EU representative must be able to represent a company regarding its obligations under the EU GDPR. They can be an individual or a company (e.g. law firm, consultancy or other private company), and will have to be mentioned on privacy notices so that people based in the EEA know who to contact if they wish to exercise their rights under the GDPR. Equally, they will also hold and maintain any records of processing for a company and make these available to the Supervisory Authorities as required.
You need an EU representative if your business:
There are some exceptions to be aware of here, so you don’t need an EU representative if
Or
The more formal wording used in the GDPR itself can be viewed here.
Bulletproof has helpful free resources for organisations looking to find out more about GDPR. Why not download our educational GDPR white paper, watch our insightful webinar featuring our Head of Compliance, or view our interesting infographics?
As the saying goes, what’s good for the goose is good for the gander. And sure enough, following Brexit, there’s now the need for companies based outside of the UK to have a UK representative to maintain compliance with UK GDPR. The rules and exclusions are the same as mentioned above:
Non-UK businesses need a UK representative if your business:
As before, the exclusions are essentially the same, so a UK representative isn’t needed if either:
Occasional
The ICO states that the EU representative should be based in a country where (some of) your data subjects are located. Obviously, if you process personal data of data subjects located across the EU, you will need to decide on the best place to locate your EU representative, taking into consideration the volume of data subjects you have in each country, the need to be able to communicate with the data subjects and Supervisory Authorities in their language, and where the representative can most effectively fulfil their role. However, if you’ve only got customers in, say, Spain, you should locate your representative in Spain.
Once you’ve determined the best location for your EU representative, you need to appoint an EU representative officially by confirming the appointment in writing. Make sure you keep the ‘EU Data Representative Appointment Letter’ on file. You’ll also need to have a contract in place to ensure their role is clearly defined, reporting lines are in place, and so on. Note that having a representative does not affect your own liability or responsibilities under the EU GDPR.
Once you have appointed a representative, you need to make sure you update your privacy notices to provide their contact details so that data subjects and the Supervisory Authorities are able to contact them – this is in addition to any other contacts you have on your privacy notice e.g. your UK contacts.
Simply put: no.
Whilst this might seem like a handy shortcut at first, the European Data Protection Board issued guidance back in November 2018 saying that there was a clear conflict of interest if the Data Protection Officer (DPO) was also the EU representative. Plus, DPOs often have their hands full dealing with data subject access requests and reporting breaches, amongst much else. On the subject of data breaches, find out what Bulletproof DPOs thought of the biggest data breaches of 2020 and what lessons businesses could learn.
In this blog we learnt:
As Managing Director of Bulletproof, Nicky’s responsible for innovating and evolving Bulletproof’s compliance services. With a varied and interesting career, Nicky shares amazing insight that directly helps businesses overcome their security and compliance challenges.