BS 10012:2017 - Data protection – Specification for a personal information management system


BS 10012:2017

Data protection. Specification for a personal information management system

Status: Current. Published: March 2017



BS 10012 - Data protection

The objective of this British Standard is to enable organizations to put in place, as part of the overall information governance infrastructure, a personal information management system (PIMS) which provides a framework for maintaining and improving compliance with data protection requirements and good practice.

This new edition of BS 10012 has been written in recognition of the publication of the European Union General Data Protection Regulation (GDPR), which was approved by the European Parliament on 14th April 2016. On 25th May 2018 it replaces the European Directive (95/46/EC), which was implemented in the UK by the Data Protection Act 1998. The GDPR will be directly applicable to the UK and to member states, which retain the ability to introduce national-level derogations where these are required for specific purposes; however, the result of the referendum on the UK's membership of the European Union makes it unclear how the GDPR will be implemented. Such issues will be monitored and updates to this British Standard will be issued where necessary.

Amongst the changes from the 2009 edition of BS 10012 are:

  • New definition of personal and sensitive data;
  • Restrictions on profiling using personal data;
  • New administrative requirements for data privacy officers;
  • Pseudonymous data specifically covered;
  • Abolition of the notification/registration requirement;
  • New, stricter requirements for consent to processing;
  • Changes to subject access and other rights for data subjects;
  • Enhanced right to erasure and new right to data portability;
  • Security breach notification requirement;
  • Privacy by design and privacy impact assessment requirements;
  • Extension of the law to cover data processors;
  • Removal of the Safe Harbour ground for data transfers to the U.S.

Many of these changes are a result of the GDPR requirements.

Implementing BS 10012 will support many organisations in their implementation of an appropriate “Information Governance” strategy. It will also help to protect the organisation from the significant fines and reputational damage that can follow GDPR non-compliance, as well as helping to reduce the actual cost of recovery following privacy breaches.

Standard Number: BS 10012:2017
Title: Data protection. Specification for a personal information management system
Publication Date: 31 March 2017
Cross References: BS EN ISO 9000:2015, BS EN ISO 9001, BS EN ISO 14001, BS EN ISO 19011, BS ISO 31000, BS ISO 55001, BS ISO/IEC 20000-1:2011, BS EN ISO/IEC 27001, BS ISO/IEC 27018, PAS 99, PD ISO/TR 18128:2014, PD ISO Guide 73:2009
Replaces: BS 10012:2009
Descriptors: Data processing, Organizations, Management operations, Legal liability, Information, Data transfer, Legislation, Data security, Data storage, Data, Data storage protection, People, Management, Documents
ISBN: 978 0 580 93774 3
File Size: 1.168 MB
