BS 10012 - The standard for a personal information management system (PIMS)

Speak to an expert

For advice on BS 10012 or to find out how to get started with a PIMS, get in touch with a member of our BS 10012 team today.

What is BS 10012?

BS 10012 is a British standard that outlines the specifications for a PIMS. The framework has been developed to help organisations comply with the data protection requirements imposed by laws such as the EU’s GDPR (General Data Protection Regulation).

Buy your copy of BS 10012 today

What are the benefits of a PIMS?

A PIMS supported by BS 10012 upholds the principles of the GDPR and offers reassurance to stakeholders that personal data is managed in line with best practice.

  1. Demonstrate compliance with the GDPR and other data protection laws.
  2. Improve structure and focus of data privacy management.
  3. Embed personal data management in your organisation’s culture.
  4. Take a risk-based approach to data privacy management.
  5. Encourage continual improvement to adapt to changes inside and outside the organisation.
  6. Integrate with other leading standards for total GDPR compliance such as ISO 27001.

How to implement a PIMS

Implementing a management system requires a structured approach and involves the entire organisation.

Here are the key steps to meet the requirements of BS 10012

  1. Identify the requirements of stakeholders of the PIMS.
  2. Scope the PIMS to ensure all relevant areas are covered.
  3. Establish a project team and project leader.
  4. Involve top leadership and obtain their support.
  5. Develop PIMS objectives and draw up a PIMS policy.
  6. Build the necessary competence to implement and manage the PIMS.
  7. Undertake data inventory and data flow mapping exercises.
  8. Set up a process for establishing the legal basis for processing PII (personally identifiable information).
  9. Create PIAs (privacy impact assessments) and risk management structures.
  1. Establish a programme to incorporate privacy by design.
  2. Undertake staff awareness programmes.
  3. Develop the necessary PIMS policies and procedures, including processes for consent, subject access requests and data breaches.
  4. Introduce a process for sharing, storing, disposing and transferring data.
  5. Establish a continually improvement programme.
  6. Undertake an internal audit.
  7. Apply for certification (voluntary).

Certification to BS 10012

Organisations can use BS 10012 simply as a framework for good practice. Article 42 of the GDPR, however, encourages the use of independent certification schemes to demonstrate compliance. A PIMS certified to BS 10012 delivers an independent assessment of the organisation’s personal data management practices and enables organisations to prove that they have taken necessary and reasonable measures to comply with the GDPR. Whilst BS 10012 is not a complete model for GDPR compliance this PIMS will help to protect your organisation from personal data breaches and prove your credentials to partners, clients and your employees.

Achieve full GDPR compliance with BS 10012 and ISO 27001

Certifying to the international information security management standard (ISO 27001) in conjunction with BS 10012 enables organisations to not only demonstrate compliance with the privacy elements of the GDPR (and similar laws), but also the information security requirements (referred to as the technical and organisational measures required by Article 32).

BS 10012 has been developed in line with international management system standards such as ISO 27001 to eliminate duplication of standard practices.

If you're looking for guidance or support, we're here to help.

Discover how BS 10012 can help you demonstrate GDPR compliance

Download our free green paper for an introduction to BS 10012 and learn how implementing a PIMS can benefit your organisation.

Download now

How IT Governance can help you comply

IT Governance, a leading global provider of IT governance, risk management and compliance solutions, is at the forefront of helping organisations globally address the challenges of EU GDPR compliance.

BS 10012 (PIMS) implementation consultancy

With our consultants’ support, you will be able to save hours of unnecessary trial and error, and feel reassured that a global, experienced team is helping you achieve compliance.

Find out more about our BS 10012 (PIMS) consultancy services

BS 10012 training

Our BS 10012 training courses will teach how to improve your organisation’s data privacy management and demonstrate its compliance with the GDPR.

Find out more about our BS 10012 (PIMS) training courses

This website uses cookies. View our cookie policy
SAVE 25% ON
FOUNDATION TRAINING