Home

Standards

Membership

Conferences

Training

Books & CDs

Online Tools

PAS

Affiliates

Distributors

Licensing

Search all products by

Share |

Latest Releases

Popular Standards

Browse by Sector

Browse by Subject

Data Protection & Freedom of Information Standards

Get the BSI Newsletters - quick sign-up here

Home
Standards & Books
Related Information
Training
News

Data protection: managing personal information

One in five businesses admit breaching the Data Protection Act

If your business requires you to store personal data, such as details of customers or employees, then you must comply with the Data Protection Act 1998.

The purpose of data protection legislation is to ensure that personal data is not processed without the knowledge and, except in certain cases, the consent of the data subject. It is meant to ensure that personal data is accurately processed, and to enforce a set of standards for the processing of the information.

As such it is becoming an increasingly important piece of legislation, affecting the day-to-day operation of almost all organizations. Research undertaken by BSI found that 1 in 3 businesses believe the complexity of the Act restricts their compliance, with 1 in 5 admitting that they may have unwittingly committed a breach, not simply by failing to hold personal information securely but by neglect of other legal obligations.

The British Standard BS 10012:2009 Data protection. Specification for a personal Information management system offers guidance on how to implement a framework with which to effectively manage personal information (a Personal Information Management system, or PIMS). It provides guidance on putting in place an infrastructure for maintaining and improving compliance with the Data Protection Act.

Rather than prescribing exactly how operations should be run, BS 10012 provides the framework which enables effective management of personal information. It can be used by organizations of any size and sector to create a tailored management system which includes procedures in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data and disclosure to third parties.

BSI has also developed BSI Data Protection Online, a tool to help you ensure your PIMS meets the requirements of the standard. It offers access to a library of updated guidance and relevant case studies.

Personal data is one of your most valuable assets. Via effective management, your organization can benefit, not just by reducing the risk of non-compliance with your obligations under data protection legislation, but also by finding opportunities to deliver better value to your customers. By becoming more confident in how you manage customer data, you can in turn gain their trust.

BSI offers a range of standards, publications and training designed to ensure your business complies with the Data Protection Act. A guidance book supports the data protection standard BS 1002 and can help with its implementation. If you use live data in system testing, there is also a book that provides invaluable guidance.

Standard for data protection

Standard for data protection
BS 10012:2009
Data protection. Specification for a personal information management system

book cover Data Protection Pocket Guide: Essential Facts at Your Fingertips
Nicola McKilligan and Naomi Powell

Download a sample chapter

Data Protection: Guidelines for the Use of Personal Data in Systems Testing
Louise Wiseman and Jenny Gordon

Download Chapter 1 free

Read more about freedom of information

Privacy in E-Business. Promoting Respect, Trust and Confidence in Your Organization

William Roebuck

Zurich's response to the Information Commissioner's Office (ICO) publication

Businesses need to be alert to the proper management of personal information. Protecting data with BS 10012

Data Dilemma: One in five businesses admit breaching the Data Protection Act

The Guide to Data Protection has been reviewed by The Chartered Institute for IT "I ended up reading it cover-to-cover as it was packed full of interesting advice on ‘how to’ as well as ‘what to’ in relation to data protection... Overall, an excellent book that covers a lot of ground in just 124 pages and provides all you need to know to comply with the DPA and start considering whether you need certification to BS10012 or not." The Chartered Institute for IT
Read the full article from The Chartered Institute for IT

This year marks the 25th anniversary of data protection regulation in the UK. Does the fact that such legislation exists mean that standards do not have a big role to play in the data protection puzzle? Read the latest Viewpoint article

Making European data protection law fit for the 21st century

The Information Commissioner’s Office (ICO) have published a report on the EU Data Protection Directive. Read RAND Europe’s study.

Read an article about BS 10012 the data protection standard, featured in Quality World, the journal of the Chartered Quality Institute (QCI).

A new online tool to help you with implementing data protection compliance BSI Data Protection Online
This new data protection tool will enable you to assess your companies data protection compliance in line with BS 10012:2009 and also give you instant access to a growing online resource. Read more about BSI Data Protection Online

See the standards and guidance books for evidential weight & legal admissibility of electronic information, BS 10008.

Get some top tips on data protection compliance with BSI's data protection videos on BSI's YouTube channel.

Data Protection - it is all around us
Top Tips on Adhering to Data Protection Act - Breda Corish, BSI

Catch up on the latest industry standard news at BSI's dedicated news page for ICT continuity

Need other ICT publications?
Visit BSI's IT website

Download the BSI ICT Brochure

View drafts and comment on standards in development
http://drafts.bsigroup.com/

BSI offers courses on data protection, freedom of information, information management and law training

Data protection training

ISEB Certificate in Data Protection
The ISEB Certificate in Data Protection has been designed to meet the needs of everyone working with personal data, giving them a comprehensive understanding of the wider data protection issues.
Read more

Data Protection for the Not-for-profit and Charity Sector Training Course
This course provides a step-by-step guide through the main legal requirements of the Data Protection Act and what they mean for not-for-profit organizations. Throughout the course, hints, tips, guidance, conducting a data audit, constructing privacy statements, cookies and website tracking, as well as real life scenarios will be explored.
Data Protection Subject Access Training Course
This seminar provides practical guidance on how to achieve compliance cost effectively. It examines subject access and shows how to develop the infrastructure to handle requests within the 40-day time limit. Delegates will examine the management of subject access requests and the development of key policies.
Data Protection and Information Security
This essential course explains the relationship between DPA and Information Security identifying the responsibilities and protocols to protect personal data; thus greatly increasing organizational efficiency, improving customer confidence, and enabling compliance with the legal requirements of Principle 7.
Conducting a Data Protection Audit Training Course
Using the BSI Pre-Audit workbook, this course considers auditing your data management systems to ensure that non-compliance issues are addressed before they occur. Annual auditing creates an on-going process for continual improvement.
ISEB Certificate in Freedom of Information
The ISEB Certificate in Freedom of Information is appropriate for those experienced in Freedom of Information and those new to the subject.
Certificate in Information Security Management Principles (CiISMP)
The ISEB Certificate in Information Security Management Principles has been designed to give delegates the information and guidance they need to fulfil their roles as information security professionals.
Read more

Cyber crime costs small businesses £800m
21 May 2013

Data protection 'divides workforce'
18 April 2013

Quarter of customers 'don't trust any business to keep online data safe'
17 April 2013

Government and businesses join forces against cyber crime
27 March 2013

Over 4 million Brits have been victims of cyber crime
12 March 2013

ICO briefs mobile developers on data protection
06 March 2013

EU industry committee backs data protection reforms
21 February 2013

ICO claims compulsory data protection audits are needed
08 February 2013

Could biometric features help prevent rise in password hacking?
17 January 2013

Firms 'cannot afford to cut corners on data security'
31 December 2012

Local government 'has problem with data protection'
27 December 2012

Study identifies 'much of the world's data is unprotected'
20 December 2012

IBM employs nanotechnology to manage big data
11 December 2012

ICO welcomes Leveson data protection proposals
07 December 2012

Data protection ignorance 'placing information at risk'
20 November 2012

Mobile malware and database threats pose increasing risk to IT
19 November 2012

Concerns raised about utility meter data protection
06 November 2012

Warning issued over sensitive data following £120k fine
30 October 2012

Private sector 'using innovative approaches to data protection'
17 October 2012

Firms advised of data protection standards in the cloud
03 October 2012

Visit the Data Protection & Freedom of Information news archive

Return to Data Protection & Freedom of Information homepage

Your basket

Your basket is empty

Join Us

Find out more & interact with BSI across social media networks

Up to date?

Get a standards healthcheck