BS 10012 vs GDPR

What’s the difference between BS10012 and GDPR?

The General Data Protection Regulations (GDPR) are the requirements for data protection across the EU, laid down in law; therefore, every organisation that controls or processes personal data is legally obliged to comply with the requirements and must be able to demonstrate application of the data protection principles.

BS10012:2017 is a Standard – a framework –  to assist organisations in meeting the legal obligations laid out in the GDPR Articles and Recitals.  Not only does BS10012:2017 address all the operational requirements of GDPR within Clauses 5 – 8, it also addresses how businesses can ensure they align their data protection responsibilities within the overall strategy of the business through context, leadership and continual improvement.  But more importantly, it ensures ongoing compliance to GDPR.

Can I implement BS10012 instead of GDPR

Yes.   BS10012 incorporates all the requirements of GDPR, but the key benefit is that it drives ongoing review and improvement of controls implemented to manage these requirements – now and thereafter.

Neither GDPR or BS10012 alignment happens without input or effort.  Both require action and top level commitment from a business.  There is no ‘off the shelf’ magic answer as every business is different, with its own processes, people, clients and suppliers – all of which generate personal data that needs to be effectively managed within a business.