Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

US data transfers: are they allowed?

US data transfers... are they allowed? Well. Yes. It depends... it’s complicated. Let’s get stuck in and I’ll explain all. In July this year, the EU Commission made an adequacy decision for the new EU-US Data Privacy Framework (DPF). This can be seen as Safe Harbor 3.0. Essentially, in most scenarios, data transfers from the EU to the US are now permitted without the need for other mechanisms such as Standard Contractual Clauses (SCCs).

Tech Talk: Supply Chain Hardware Hacking

This is a Bulletproof Tech Talk article: original research from our penetration testing team covering issues, news, and tech that interests them. It’s more technical and in-depth than our usual blog content, but no less interesting. Some readers may remember an article published by Bloomberg entitled "The Big Hack: How China used a Tiny Chip to Infiltrate U.S. Companies".

How much DPO time is right?

Data protection officers (DPOs) are often seen as secret weapons in an organisation’s operations arsenal. When done right, they can quickly and effectively make the headache of managing your data protection obligations go away – leaving you free to focus on running your business. But how do you know how much DPO time you need? And why? That’s what I’m looking at in this blog.

Get the right pen test for your compliance

Over the past few years there’s been an explosion in demand for penetration testing services. What was once seen as a service only needed by larger enterprises is now more affordable than ever and used by SMEs and startups. This increase in adoption is partly down to pen testing being an all-round useful cyber control, but it’s also driven by compliance.

Cyber security isn't IT: 5 key dangers

Many businesses still think of cyber security as an IT function - it’s one of the most enduring myths we face in the industry. This is bad news. Cyber security is not just an IT problem: it is a business problem. Cyber security is risk, and risk is a business issue. Cyber is so much more than a collection of IT controls, yet it’s an uphill battle to get it seen as anything else.