BS 10012:2017+A1:2018 Data protection. Specification for a personal information management system.


Status: Current
Published: March 2017



What is this standard about?

It shows organizations how to implement a Personal Information Management System (PIMS). This will help them reach a good standard of information governance and comply with legal personal data protection requirements.  

Who is this standard for?

Any and all organizations holding the personal information of clients and/or staff and wishing to maintain compliance with current regulation and good practice.

Why should you use this standard?

As part of an overall information management system, this standard enables organizations to put a Personal Information Management System (PIMS) in place which provides a framework for maintaining and improving compliance with data protection requirements and good practice.

The standard was updated in 2017 to reflect new requirements in the EU’s General Data Protection Regulation (GDPR) which came into force on 25 May 2018.

This 2018 amendment takes in further small changes as a result of the UK Data Protection Act 2018.

Use of the standard will help organizations avoid compliance breaches, significant fines and reputational damage, as well as reduce the actual cost of recovery following a privacy breach. 

It will also help organizations implement an appropriate information governance strategy.

What’s changed since the last update?

This 2018 amendment covers minor changes to some clauses, which have been updated to reflect the UK Data Protection Act 2018.

The changes made in the 2017 edition were as a result of GDPR requirements and still remain in BS 10012:2017+A1:2018. These include:

  • Definition of personal and sensitive data
  • Restrictions on profiling using personal data
  • New administrative requirements for data privacy officers
  • Pseudonymous data specifically covered
  • Abolishing of notification/registration requirement
  • New stricter requirements for consent for processing
  • Changes to subject access and other rights for data subjects
  • Enhanced right to erasure and new right to portability
  • Security breach notification requirement
  • Privacy by design and privacy impact assessment requirements
  • Extension of the law to cover data processors
  • Removal of the safe harbour ground for data transfers to the U.S.

Standard Number: BS 10012:2017+A1:2018
Title: Data protection. Specification for a personal information management system
Publication Date: 31 March 2017
Normative References (Required to achieve compliance to this standard): No other standards are normatively referenced
Informative References (Provided for Information): BS ISO 55001, Freedom of Information Act 2000, Data Protection Act 2018, BS EN ISO 9001, Data Protection (Charges and Information) Regulations, BS ISO/IEC 27018, BS ISO/IEC 20000, Data Protection Act 1998, Data Protection (Charges and Information) Regulations 2018, BIP 0012, PAS 99, BS EN ISO 14001, BS EN ISO 19011, BS ISO/IEC 27001, BS ISO 31000, Digital Economy Act 2017, BS ISO/IEC 20000-1:2011, PD ISO/TR 18128:2014, PD ISO GUIDE 73:2009, BS EN ISO 9000:2015
Replaces: BS 10012:2009
Amended By: Amendment, July 2018
Draft Superseded By: 18/30378573 DC
Descriptors: Information, Fittings (pipes), Testing conditions, Data security, Legal liability, Management, Data processing, Data, People, Data transfer, Documents, Plastic pipes, Thermoplastic polymers, Data storage, Data storage protection, Legislation, Organizations, Management operations, Acrylonitrile butadiene styrene
ISBN: 978 0 539 01173 9
File Size: 1.226 MB
