BS 10012

BS 10012 is the British Standard for Data Protection. It is the specification for a personal information management system (PIMS) and has been developed to establish best practice and aid compliance with the Data Protection Act (DPA) in the UK. It is the first standard for the management of personal information.

BS 10012 specifies the requirements for a PIMS, which provides an infrastructure for, among other things, maintaining and improving compliance with the DPA.

Rather than prescribing exactly how operations should be run, BS 10012 provides the framework which will enable effective management of personal information and includes procedures in areas such as:

  • awareness;
  • data sharing;
  • disposal;
  • retention;
  • risk assessment;
  • training.

of personal data and disclosure to third parties.

BS 10012 was developed by a panel of experts including representatives from industry, government, academia and consumer groups. A three month public comment period produced a high number of comments all of which were considered by the panel before preparation of the final version of the standard.

BS 10012 is for use by organizations of any size, in both the public and private sectors. It is meant for use by anyone responsible for initiating, implementing and maintaining a PIMS within an organization.

BS 10012 aims to provide a common ground for the management of personal information for providing confidence in its management, and for enabling an effective assessment of compliance with amongst other things the DPA by both internal and external auditors.

British Standards can be purchased from the British Standards Institutive Shop (BSi)