Data Protection & Freedom of Information Standards


Data protection: managing personal information

One in five businesses admit breaching the Data Protection Act

If your business requires you to store personal data, such as details of customers or employees, then you must comply with the Data Protection Act 1998.

The purpose of data protection legislation is to ensure that personal data is not processed without the knowledge and, except in certain cases, the consent of the data subject. It is meant to ensure that personal data is accurately processed, and to enforce a set of standards for the processing of the information.

As such it is becoming an increasingly important piece of legislation, affecting the day-to-day operation of almost all organizations. Research undertaken by BSI found that 1 in 3 businesses believe the complexity of the Act restricts their compliance, with 1 in 5 admitting that they may have unwittingly committed a breach, not simply by failing to hold personal information securely but by neglect of other legal obligations.

The British Standard BS 10012:2009 Data protection. Specification for a personal information management system offers guidance on how to implement a framework for effectively managing personal information (a Personal Information Management System, or PIMS). It provides guidance on putting in place an infrastructure for maintaining and improving compliance with the Data Protection Act.

Rather than prescribing exactly how operations should be run, BS 10012 provides the framework which enables effective management of personal information. It can be used by organizations of any size and sector to create a tailored management system which includes procedures in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data and disclosure to third parties.

BSI has also developed BSI Data Protection Online, a tool to help you ensure your PIMS meets the requirements of the standard. It offers access to a library of updated guidance and relevant case studies.

Personal data is one of your most valuable assets. Via effective management, your organization can benefit, not just by reducing the risk of non-compliance with your obligations under data protection legislation, but also by finding opportunities to deliver better value to your customers. By becoming more confident in how you manage customer data, you can in turn gain their trust.

BSI offers a range of standards, publications and training designed to ensure your business complies with the Data Protection Act. A guidance book supports the data protection standard BS 10012 and can help with its implementation. If you use live data in system testing, there is also a book that provides invaluable guidance.

Standard for data protection

BS 10012:2009
Data protection. Specification for a personal information management system

Data Protection Pocket Guide: Essential Facts at Your Fingertips
Nicola McKilligan and Naomi Powell

BIP 0002:2009 Data Protection: Guidelines for the Use of Personal Data in Systems Testing
Louise Wiseman and Jenny Gordon


BIP 0086 Freedom of information. A Guide for the UK Private Sector
Kenneth Mullen and Kelly Harris

Privacy in E-Business. Promoting Respect, Trust and Confidence in Your Organization
William Roebuck


Download our consumers' guide to BS 10012 Data Protection



Zurich's response to the Information Commissioner's Office (ICO) publication

Businesses need to be alert to the proper management of personal information. Protecting data with BS 10012


Data Dilemma: One in five businesses admit breaching the Data Protection Act

The Guide to Data Protection has been reviewed by The Chartered Institute for IT: "I ended up reading it cover-to-cover as it was packed full of interesting advice on 'how to' as well as 'what to' in relation to data protection... Overall, an excellent book that covers a lot of ground in just 124 pages and provides all you need to know to comply with the DPA and start considering whether you need certification to BS 10012 or not." (The Chartered Institute for IT)

This year marks the 25th anniversary of data protection regulation in the UK. Does the fact that such legislation exists mean that standards do not have a big role to play in the data protection puzzle? Read the latest Viewpoint article 


Making European data protection law fit for the 21st century

The Information Commissioner's Office (ICO) has published a report on the EU Data Protection Directive, based on RAND Europe's study.

BS 10012, the data protection standard, was also featured in an article in Quality World, the journal of the Chartered Quality Institute (CQI).

BSI Data Protection Online: a new online tool to help you implement data protection compliance

This new data protection tool will enable you to assess your company's data protection compliance in line with BS 10012:2009 and also give you instant access to a growing online resource.

See the standards and guidance books for evidential weight & legal admissibility of electronic information, BS 10008.

Get some top tips on data protection compliance with BSI's data protection videos on BSI's YouTube channel.


BSI offers courses on data protection, freedom of information, information management and law.

Data protection training

  • ISEB Certificate in Data Protection
    The ISEB Certificate in Data Protection has been designed to meet the needs of everyone working with personal data, giving them a comprehensive understanding of the wider data protection issues.
  • Data Protection for the Not-for-profit and Charity Sector Training Course
    This course provides a step-by-step guide through the main legal requirements of the Data Protection Act and what they mean for not-for-profit organizations. Throughout the course, hints, tips and guidance are given on conducting a data audit, constructing privacy statements, and cookies and website tracking, and real-life scenarios are explored.
  • Data Protection Subject Access Training Course
    This seminar provides practical guidance on how to achieve compliance cost-effectively. It examines subject access and shows how to develop the infrastructure to handle requests within the 40-day time limit. Delegates will examine the management of subject access requests and the development of key policies.
  • Data Protection and Information Security
    This essential course explains the relationship between the DPA and information security, identifying the responsibilities and protocols needed to protect personal data; this greatly increases organizational efficiency, improves customer confidence, and enables compliance with the legal requirements of Principle 7.
  • Conducting a Data Protection Audit Training Course
    Using the BSI Pre-Audit workbook, this course considers auditing your data management systems to ensure that non-compliance issues are addressed before they occur. Annual auditing creates an ongoing process for continual improvement.
  • ISEB Certificate in Freedom of Information
    The ISEB Certificate in Freedom of Information is appropriate both for those experienced in freedom of information and for those new to the subject.
  • Certificate in Information Security Management Principles (CiISMP)
    The ISEB Certificate in Information Security Management Principles has been designed to give delegates the information and guidance they need to fulfil their roles as information security professionals.
