BS 10012 Data protection. Specification for a personal information management system
Maintenance will be taking place for BSI Shop on Saturday 15th December between 08:00 and 15:30 UK time. BSI Shop will be unavailable or will have limited functionality during this time. Please do not make any purchases while this work is being carried out. Please accept our apologies for any inconvenience caused during this essential maintenance work.

Find Similar Items

This product falls into the following categories.

You may find similar items within these categories by selecting from the choices below:

BS 10012:2009

Data protection. Specification for a personal information management system

Status : Superseded, Withdrawn   Published : May 2009 Replaced By : BS 10012:2017+A1:2018

*To ask about withdrawn titles contact the BSI Knowledge Centre,
+44 20 8996 7004

What is BS 10012:2009?

BS 10012 has been developed to help companies establish and maintain a best practice personal information management system that complies with the Data Protection Act 1998. It is the first standard that relates to the management of personal information. By following the framework set out within BS 10012, organisations can improve their data storage protection and manage data processing and data transfers better – so that they comply with legislation.

How does it work?

BS 10012 starts by demonstrating how to plan for an effective personal information management system. The standard then shares practical advice on the implementation and operation, and concludes with ways to monitor, review and improve the system to ensure compliance with the Data Protection Act 1998.

Who should buy it?

  • Public and private sector organisations of any size
  • Anyone responsible for initiating, implementing and maintaining a personal information management system
  • Regulatory bodies
  • Quality assurers

BSI's Data Protection Online ToolWhy BSI?

We are global, we’re independent and we’re a trusted service provider to 80,000 businesses. We operate in 147 countries and are the number one certification body in the UK and US. We created 85% of our portfolio because we know standards and we know your business. We’re leaders and we can make you one too.



Also Available

New edition of the popular guide for data protection

Data Protection Pocket Guide: Essential Facts at Your Fingertips (2nd edition)
Nicola McKilligan and Naomi Powell


New edition of the guide to system testing using personal data

Data Protection: Guidelines for the use of personal data in system testing (2nd Edition)
Louise Wiseman and Jenny Gordon


what the press are saying Find out what the press are saying



Go to the Data Protection homepage

Standard NumberBS 10012:2009
TitleData protection. Specification for a personal information management system
StatusSuperseded, Withdrawn
Publication Date31 May 2009
Confirm Date01 July 2014
Withdrawn Date01 May 2018
Cross ReferencesBS EN ISO 9000:2005, BS EN ISO 9001, BS EN ISO 14001:2004, BS ISO/IEC 20000, BS ISO/IEC 27001, BIP 0012, Data Protection Act 1998, 95/46/EC, Freedom of Information Act 2000, 2006/24/EC, 2002/58/EC
Replaced ByBS 10012:2017+A1:2018
Draft Superseded By09/30175848 DC
DescriptorsManagement, Data processing, People, Legal liability, Data transfer, Data storage protection, Data, Legislation, Management operations, Documents, Data storage, Information, Data security, Organizations
ISBN978 0 580 61550 4
File Size156 KB

*To ask about withdrawn titles contact the BSI Knowledge Centre,
+44 20 8996 7004
 Your basket
Your basket is empty

Take the smart route to manage medical device compliance


The faster, easier way to work with standards

Collaborate, Innovate, Accelerate.

Get ISO 45001

BSI Essentials: All-in-one BSI online toolkit for BS ISO 45001

Customers who bought this product also bought

  • BS ISO/IEC 27005:2011
    Information technology. Security techniques. Information security risk management
  • BS 10008:2008
    Evidential weight and legal admissibility of electronic information. Specification
  • BS EN 15713:2009
    Secure destruction of confidential material. Code of practice