BS 10012 specifies requirements for a personal information management system (PIMS), which provides a framework for maintaining and improving compliance with data protection requirements and good practice. BS 10012 is to be used by those responsible for planning, establishing, implementing, and maintaining a PIMS within an organization. BS 10012 provides a common ground for the responsible management of personal information, for providing confidence in its management, and for enabling an effective assessment of compliance with data protection requirements and good practice by both internal and external assessors.
BS 10012 on data protection is useful for:
A PIMS addresses the management of personal information that is held across a wide range of operational units and information technology-based application systems.
BS 10012 is intended to enable organizations to put in place, as part of the overall information governance infrastructure, a personal information management system (PIMS) which provides a framework for maintaining and improving compliance with data protection requirements and good practice.
BS 10012:2017+A1:2018 supersedes BS 10012:2017, which is withdrawn.
The following principal changes are: