BS 10012 Data protection. Specification for a personal information management system

BS 10012:2009

Data protection. Specification for a personal information management system

Status : Superseded, Withdrawn   Published : May 2009 Replaced By : BS 10012:2017+A1:2018

*To ask about withdrawn titles contact the
Customer Relations, +44 345 086 9001

What is BS 10012:2009?

BS 10012 has been developed to help companies establish and maintain a best practice personal information management system that complies with the Data Protection Act 1998. It is the first standard that relates to the management of personal information. By following the framework set out within BS 10012, organisations can improve their data storage protection and manage data processing and data transfers better – so that they comply with legislation.

How does it work?

BS 10012 starts by demonstrating how to plan for an effective personal information management system. The standard then shares practical advice on the implementation and operation, and concludes with ways to monitor, review and improve the system to ensure compliance with the Data Protection Act 1998.

Who should buy it?

  • Public and private sector organisations of any size
  • Anyone responsible for initiating, implementing and maintaining a personal information management system
  • Regulatory bodies
  • Quality assurers

BSI's Data Protection Online ToolWhy BSI?

We are global, we’re independent and we’re a trusted service provider to 80,000 businesses. We operate in 147 countries and are the number one certification body in the UK and US. We created 85% of our portfolio because we know standards and we know your business. We’re leaders and we can make you one too.



Also Available

New edition of the popular guide for data protection

Data Protection Pocket Guide: Essential Facts at Your Fingertips (2nd edition)
Nicola McKilligan and Naomi Powell


New edition of the guide to system testing using personal data

Data Protection: Guidelines for the use of personal data in system testing (2nd Edition)
Louise Wiseman and Jenny Gordon


what the press are saying Find out what the press are saying



Go to the Data Protection homepage

Standard NumberBS 10012:2009
TitleData protection. Specification for a personal information management system
StatusSuperseded, Withdrawn
Publication Date31 May 2009
Confirm Date01 July 2014
Withdrawn Date01 May 2018
Normative References(Required to achieve compliance to this standard)No other standards are normatively referenced
Informative References(Provided for Information)BS EN ISO 9001, BS ISO/IEC 27001, BIP 0012, BS EN ISO 14001:2004, BS EN ISO 9000:2005, BS ISO/IEC 20000
Replaced ByBS 10012:2017+A1:2018
Draft Superseded By09/30175848 DC
DescriptorsManagement, Data processing, People, Legal liability, Data transfer, Data storage protection, Data, Legislation, Management operations, Documents, Data storage, Information, Data security, Organizations
ISBN978 0 580 61550 4
File Size2.451 MB

*To ask about withdrawn titles contact the
Customer Relations, +44 345 086 9001
 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents

Tracked Changes

Understand the changes made to a standard with our new Tracked Changes version

Worldwide Standards
We can source any standard from anywhere in the world

Develop a PAS

Develop a fast-track standardization document in 9-12 months

Customers who bought this product also bought

  • BS ISO/IEC 27005:2011
    Information technology. Security techniques. Information security risk management
  • BS 10008:2008
    Evidential weight and legal admissibility of electronic information. Specification
  • BS EN 15713:2009
    Secure destruction of confidential material. Code of practice