BS10012 Certification - (PIMS) - Personal Information Management Certification

What is BS 10012?

BS 10012 provides a structure for a Personal Information Management System. Every organization that processes personal information should set out to safeguard the privacy of the people it affects. It covers areas such as employee security awareness training, risk assessments, data retention and disposal, helping you to put into practice policies and procedures that enable the effective management of personal information on individuals. This standard is widely accepted in the EU.

The organization is responsible by law for complying with data protection regulations and has to maintain a personal information management system (PIMS), which provides a framework for maintaining and improving compliance with data protection requirements and good practice.

BS 10012 Certification

TUV USA offers certification against BS10012 to confirm or establish the status and level of compliance with GDPR requirements covering the six data protection principles that require personal information to be: 

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary (data minimization)
  • Accurate and, when necessary, kept up to date
  • Kept in a form which permits identification
  • Processed in a manner that ensures appropriate security

According to GDPR, certification by an independent certification body is a supporting element in proving compliance, and it shows a high level of commitment by the certified organization to maintaining a robust and up-to-date PIMS.

Who would benefit?

Any company handling, processing or working with data of EU citizens that aims to provide proof that it has implemented a PIMS to manage data in compliance with GDPR requirements.

What is GDPR?

The General Data Protection Regulation (GDPR) was the result of updating the European Union (EU) Data Protection Directive 95/46/EC. The GDPR adds new obligations for data processors and data controllers, including those based outside of the EU. The law aims to give citizens more control over their data and to create a uniformity of rules to enforce across the continent.

Other Services

General Data Protection Regulation (GDPR)

The GDPR not only applies to organizations located within the European Union (EU) but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.


In the field of Automation and Manufacturing 4.0, digitalization continues to be the central subject for the future. Increased networking poses new and more comprehensive challenges for product safety.