
BS 10012 (PIMS) | Personal Information

BS 10012 is a British Standard for a Personal Information Management System (PIMS). It provides a framework for organizations to manage personal data, support GDPR compliance, and strengthen their reputation and customer trust.

What is BS 10012?

BS 10012 provides the structure for a Personal Information Management System. Every organization that processes personal information should set out to safeguard the privacy of the people affected by that processing. The standard covers areas such as employee security awareness training, risk assessment, and data retention and disposal, helping you put into practice the policies and procedures needed to manage personal information about individuals effectively. It is widely recognized in the EU as a way of structuring data protection management.

The organization itself remains legally responsible for complying with data protection regulations. To conform to BS 10012 it must maintain a personal information management system (PIMS), which provides the framework for maintaining and continually improving compliance with data protection requirements and good practice.

BS 10012 Certification

TUV USA offers certification against BS 10012 to confirm or establish an organization's status and level of compliance with GDPR requirements. The standard covers the six data protection principles of Article 5 GDPR, which require personal information to be:

  • Processed lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency)
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes (purpose limitation)
  • Adequate, relevant and limited to what is necessary (data minimisation)
  • Accurate and, where necessary, kept up to date (accuracy)
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of the processing (storage limitation)
  • Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (integrity and confidentiality)

Under the GDPR, certification by an independent certification body is a supporting element in demonstrating compliance, and it shows a high level of commitment by the certified organization to maintaining a robust and up-to-date PIMS. Note that certification against BS 10012 attests conformity with the standard; it supports, rather than replaces, the accountability evidence the GDPR itself requires, and it is distinct from a certification scheme formally approved under Article 42 GDPR.

Who would benefit?

Any company handling, processing or otherwise working with the personal data of individuals in the EU that wants to demonstrate it has implemented a PIMS to manage that data in line with GDPR requirements.

What is GDPR?

The General Data Protection Regulation (GDPR) replaced the European Union (EU) Data Protection Directive 95/46/EC and has applied since 25 May 2018. The GDPR imposes new obligations on data controllers and data processors, including those established outside the EU when they offer goods or services to, or monitor the behaviour of, individuals in the EU. The regulation aims to give individuals more control over their personal data and to harmonise the rules enforced across the EU.

Frequently asked questions


BS 10012 is a British Standard that provides a framework for establishing, implementing, maintaining and continually improving a personal information management system (PIMS). It helps organizations manage personal data in compliance with data protection regulations such as the GDPR.

BS 10012 is suitable for any organization that processes personal data, regardless of size or sector. It is particularly beneficial for organizations seeking to enhance their data protection practices and demonstrate compliance with data protection laws.

BS 10012 aligns with the principles of GDPR, providing a structured approach to managing personal data in compliance with the regulation. It helps organizations implement GDPR requirements effectively, such as data subject rights, data security, and accountability.

Benefits include improved data protection practices, stronger and more demonstrable compliance with data protection laws, increased trust and confidence among stakeholders, and a reduced risk of data breaches and of penalties for non-compliance.

BS 10012 provides guidance on managing data subject rights, such as the rights of access, rectification and erasure, so that organizations can respond to data subject requests effectively and within the required timeframes.
