What is BS 10012

BS 10012:2017 is the latest release of a British Standard entitled management of personal information. BS 10012 standard specifies the requirements for a Personal Information Management System (PIMS). Published in March 2017, this new version of the standard incorporates two key changes from the previous (2009) edition:

• The content has been revised so it aligns perfectly with the requirements of the General Data Protection Regulation (GDPR).
• The structure has been updated to match that of ISO standards such as the ISO 27000 series of information security standards.

In today’s data driven world, BS 10012 helps your business to manage personal data carefully. 

In order to comply with the requirements of GDPR, it is essential that your organisation has strong, effective controls around how personal data is stored, managed and processed: a solid data protection regime that is implemented and understood throughout the organisation provides excellent protection against the risk of a data breach.

ISO 27001 is a solid choice for implementing controls, but for many organisations it is overkill: it provides a framework for an information security management system that spans all aspects of security.

BS 10012, on the other hand, is targeted specifically at the management of personal data – the core focus of the GDPR legislation – and as such it is a much more appropriate standard if your focus is specifically on the protection of personal data.

• Compliance – BS 10012 certification displays a commitment that your organisation is meeting the requirements of the GDPR, demonstrating both compliance and accountability.
• Security risks – BS 10012 can help you identify and mitigate your information security risks for the personal data you process.
• Stakeholder confidence – Certification to BS 10012 provides your customers, trading partners and other key stakeholders, with confidence that you have addressed all security risks relating to their personal information.
• Reputation – BS 10012 safeguards your organisation’s reputation from damaging publicity relating to data security violations and potential prosecution.
• Capability statement – BS 10012 presents a public and independent statement of your organisation’s capability to protect individuals’ personal data, which may help when responding to tenders

If you are interested in getting a quote for a gap analysis or certification to BS 10012:17, please do not hesitate to contact us and we would be happy to assist.