BS 10012 Certification (PIMS) - Personal Information Management System Certification

What is BS 10012?

BS 10012 is a British Standard (published by BSI) that specifies the requirements for a Personal Information Management System (PIMS). Every organization that processes personal information should set out to safeguard the privacy of the people it affects. The standard covers areas such as employee security awareness training, risk assessments, and data retention and disposal, helping you put in place the policies and procedures needed to manage personal information effectively. The standard is widely recognized in the EU, and its current edition is aligned with the GDPR.

Importantly, the organization remains legally responsible for complying with data protection regulations; the PIMS provides the framework for maintaining and improving compliance with data protection requirements and good practice.

BS 10012 Certification

TUV USA offers certification against BS 10012 to establish and confirm an organization's level of compliance with GDPR requirements, covering the six data protection principles of Article 5(1), which require personal information to be:

  • Processed lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency)
  • Collected for specified, explicit and legitimate purposes (purpose limitation)
  • Adequate, relevant and limited to what is necessary (data minimization)
  • Accurate and, where necessary, kept up to date (accuracy)
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of the processing (storage limitation)
  • Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage (integrity and confidentiality)

Under the GDPR (Article 42), certification by an independent certification body is a supporting element that can be used to demonstrate compliance, and it shows a high level of commitment by the certified organization to maintaining a robust and up-to-date PIMS. Note that a certification does not reduce the controller's or processor's own responsibility for compliance (Article 42(4)); it supports, rather than replaces, the organization's accountability.

Who would benefit?

Any company that handles, processes or otherwise works with the personal data of individuals in the EU and wants to demonstrate that it has implemented a PIMS to manage that data in compliance with GDPR requirements.

What is GDPR?

The General Data Protection Regulation (GDPR) replaced the European Union (EU) Data Protection Directive 95/46/EC and has applied since 25 May 2018. The GDPR adds new obligations for data processors and data controllers, including those established outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU. The regulation aims to give individuals more control over their personal data and to create a uniform set of rules that is enforced consistently across the EU.