BS10012 - Data Protection Specification for a Personal Information Management System (PIMS)
BS10012:2009 is the British standard that specifies the requirements for a Personal Information Management System (PIMS). BS10012 can be used to create a PIMS that helps organisations comply with the Data Protection Act (DPA). Learn more about the BS10012 standard and its relationship with the DPA on this page.
The Data Protection Act (DPA) sets out eight principles for securely managing personal information. The DPA does not articulate any detailed specification as to how these principles should be complied with, making it difficult for organisations to clearly identify what they have to do to satisfy themselves and others that their management systems are compliant. This is why BS10012 is so useful.
BS10012 sets out, in detail, the actions that organisations should take to ensure that they comply with the DPA. While compliance with BS10012 does not confer legal immunity, it puts organisations in a position to demonstrate that they are following recognised best practice in personal information security.
BS10012 also recognises the role of ISO/IEC 27001 in providing effective information security management and, in particular, in achieving compliance with the seventh principle of the DPA.
You can find out more information and valuable resources about data security on the Information Commissioner’s Office website.