Why should I be certified to BS 10012 instead of basic GDPR?

Can I implement BS 10012 instead of GDPR

Yes. BS10012 incorporates all the requirements of GDPR, but the key benefit is that it drives ongoing review and improvement of controls implemented to manage these requirements – now and thereafter.
Neither GDPR or BS10012 alignment happens without input or effort. Both require action and top level commitment from a business. There is no ‘off the shelf’ magic answer as every business is different, with its own processes, people, clients and suppliers – all of which generate personal data that needs to be effectively managed within a business.

How will BS 10012 add value to my business?

By implementing and certifying your business against BS 10012:2017, you will be able to demonstrate some clear advantages over your competitors:

  • Commitment to protecting client and stakeholder personal data – independently assessed by a 3rd party certification body
  • Identify risks to personal information and implement controls to mitigate them – reducing risk for both your organisation, and any clients whose personal data you may process
  • Utilise a management system to actively demonstrate compliance with both the GDPR and the revised UK Data Protection Act
  • Continually improve your management of personal data against recognised best practice and improved controls
  • Proactively protect your reputation – both in the market and to your interested parties
  • Achieve competitive advantage when tendering for new business

Running a successful business is all about reducing risk wherever possible (BS10012 is a risk-based standard) and seeking opportunities to improve on the competition (BS10012 certification sets you apart from mere internal GDPR ‘compliance statements’).

You can confidently state that you have credible 3rd party assurance that you are meeting your data protection obligations under GDPR – through certification to BS10012 with a recognised certification body such as ISOQAR, BSI, LRQA, SGS etc.