Why you need to implement
BS 10012

BS 10012 is a British standard that outlines the specifications for a PIMS (personal information management system).

Introduced in 2009 to help organisations manage personal information and comply with data protection laws, BS 10012 was until recently a niche standard, but it has garnered fresh attention since the EU GDPR (General Data Protection Regulation) took effect.

This is because the Standard was updated in 2017 to reflect the GDPR’s requirements, making it an ideal framework for regulatory compliance. For example, it includes specific guidance on how to minimise the collection of personal data and how to keep stored information secure – two of the main tenets of the Regulation.

Here are some other benefits of implementing a BS 10012-compliant PIMS.

Reasons to adopt BS 10012

  • Improve the structure and focus of your data privacy management.
  • Embed personal data management into your organisation’s culture.
  • Take a risk-based approach to data privacy management.
  • Encourage continual improvement to adapt to changes inside and outside the organisation.
  • Integrate BS 10012 with ISO 27001, the international standard for information security.

How to implement BS 10012

Implementing a PIMS can be challenging, even for seasoned privacy professionals. IT Governance offers a range of consultancy services to help with BS 10012 compliance and offer a 100% certification guarantee on our ISO consultancy projects.

Find out more >>


For advice on where to begin, take a look at our free green paper: BS 10012: 2017 – An introduction to implementing a personal information management system (PIMS).

Download this guide to discover:

  • What BS 10012 is in more detail, and how it supports GDPR compliance;
  • More reasons for implementing a BC 10012-compliant PIMS;
  • The key requirements set out in the Standard; and
  • How the Standard can be used alongside other management standards, such as ISO 27001 and ISO 9001.

Download now >>