Data protection officers (DPOs) are often seen as secret weapons in an organisations’ operations arsenal. When done right, they can quickly and effectively make the headache of managing your data protection obligations go away – leaving you free to focus on running your business. But how do you know much DPO time you need? And why? That’s what I’m looking at in this blog.
Over the past few years there’s been an explosion in demand for penetration testing services. What was once seen a service only needed by larger enterprises is now more affordable than ever and used by SMEs and startups. This increase in adoption is partly down to pen testing being an all-round useful cyber control, but it’s also driven by compliance.
Get a real-world test of your security maturity with a red team test Learn more about red teaming.
We asked a Bulletproof expert ‘Can you cheat Cyber Essentials?’ along with other hotly debated compliance questions, to see what he really thinks. Read what he has to say or watch the video. This is part of our Candid Chats series, where we ask the awkward questions.
Many businesses still think of cyber security as an IT function - it’s one of the most enduring myths we face in the industry. This is bad news. Cyber security is not just an IT problem: it is a business problem. Cyber security is risk, and risk is a business issue. Cyber is so much more than a collection of IT controls, yet it’s an uphill battle to get it seen as anything else.
Despite the GDPR routinely (and wrongly) being seen as an encumbrance, many of its requirements make sense for sound business and management reasons. For example, the requirement to maintain Records of Processing Activities (RoPA) under Article 30 can reduce time needed from business analysts when scoping projects. Data Protection Impact Assessments (DPIAs), reduce time misspent on projects which are not appropriate, legally viable, or necessary.
