This blog is based on insight from our 2023 State of Cyber Security report.
This month sees GDPR celebrate its 5th birthday, and during that time it’s stayed more-or-less the same. With unchanging rules and half a decade of time to get data protection matters in order, you might think that the need for GDPR consultancy is dwindling. However, as we showed in our 2023 State of Cyber Security report, that’s sadly not the case. Data protection and EU/UK GDPR are as much of a challenge to businesses now as they were half a decade ago. So let’s unravel the mystery and make it easier.
Let’s look at the top 3 areas businesses struggle with when getting GDPR compliant. Then we’ll break them down to see what we can learn.
Our data revealed that understanding the finer details of consent is the single most common problem. Of all the lawful bases for processing, consent is actually one of the weakest, as it can be withdrawn at any time. Businesses over-relying on consent as their lawful basis shows that there’s a poor understanding of the core principles behind the GDPR. This goes both ways: there’s probably some data processing happening that could be reduced, but also some processing that could be put on a stronger footing by not relying on consent.
In the world of GDPR, if it’s not recorded, you may as well not be doing it. I think that’s a sentence to strike fear into the hearts of Data Protection Officers everywhere, but what it actually means is: you need to keep good records. If a subject access request comes in, if you get audited, if you ever want to know if you’re anywhere near GDPR compliance, then you need to keep records. The nature of recordkeeping means keeping things continuously up to date, which in turn means an on-going responsibility. Key amongst the struggles here is maintaining a good Record of Processing Activities, known in the trade as a RoPA.
The solution to this problem is quite straightforward: just get a data protection officer (DPO) in. It’s not expensive, it’s easy and, generally speaking, it makes the headache go away. Once the framework for recordkeeping is in place, it’s easy for a good DPO and trained staff to keep everything up to date. And that brings us nicely to our last problem.
Following on from recordkeeping, general GDPR maintenance is the last of our most common GDPR failures. With the gradual increase in general awareness of GDPR, we increasingly see businesses taking it on themselves to manage data protection in-house. This is a great approach, so long as you have the resources and knowledge to do it properly. Otherwise, all you’re really doing is creating problems. As the saying goes, ‘a little knowledge is a dangerous thing’, and without properly trained and resourced staff, you’re making it more expensive. It’s always easier, and cheaper, to do things right from the off rather than fix mistakes. Not to mention that if it’s not exactly right, you’re not GDPR compliant.
Whether you’re just getting started or are facing developed challenges, our friendly GDPR consultants can help.
Next let’s look at the top 3 things our DPOs do to see what that means for businesses.
Number one on our list is helping with Data Subject Access Requests – often called DSARs or SARs. This will surely come as no surprise to anyone who’s had to deal with one, as SARs can be extremely resource-intensive, not to mention difficult, for those who haven’t prepared. Desperately getting in a DPO the first time you receive a SAR can help, but to truly take away the pain, you need to prepare for a SAR ahead of time. Ideally as part of GDPR implementation, or if you’re not that organised, as part of your on-going DPO support – but it needs to happen before your first request. And as public awareness of the GDPR increases, so does the volume of SARs.
The next most popular DPO activity is breach support – aka, help when something’s gone wrong. ‘Data breaches’ are often in the headlines thanks to better cyber security scrutiny, but in the data protection world, a data breach could be as simple as writing someone’s details on a post-it note and leaving it on your desk. On the other hand, it could be as severe as losing millions of customers’ sensitive data. Generally speaking, most data breaches we deal with are somewhere in between. Again, this arises from a lack of internal knowledge. Do you need to report this data breach to the ICO? Does it need to be communicated to customers? Do you need to expect legal consequences? Most businesses have no idea, hence the DPO.
This is another one connected to maintenance – are you getting that GDPR is not a ‘one and done’ yet? Unless your business is completely static, you’ll need to do data protection impact assessments (DPIAs) as a part of the ‘data protection by design’ requirements of the GDPR. ‘Static’ means no new suppliers, no new (or changed) processes, no new software tools, no new products or services, etc. So in real terms, DPIAs and assessing risks to personal data in your organisation have to happen on an on-going basis. Again, finding the resources and knowledge to do this in-house can be challenging, especially in the current economic climate, when most of your staff are focussing on growth.
As we can see, the real sticking points with GDPR and data protection boil down to time and knowledge. When businesses are focussed on, well, business, finding the resource to maintain GDPR in-house is a struggle. Even hiring a data protection officer in-house is expensive. That’s why outsourced data protection officers are so popular – they can take that pain away. But it doesn’t all have to be down to a DPO. My top tip for businesses is to evangelise and embed ‘GDPR champions’ within your workforce. This can absolutely help maintain data protection and GDPR on a day-to-day basis. The better the general awareness of your workforce, the more likely they are to question dodgy data processing, stopping problems before they start. It also helps out your DPO.
Engaging a DPO also makes business-wide decisions easier, as they can work with your compliance and security teams. For example, making sure your DPO and your vCISO are on the same page can really get things done quickly.
As one of our more experienced data protection officers, Rebecca knows data protection inside and out. Her favourite topics to write about include UK & EU GDPR, DPO activities and the often-overlooked PECR regulations.