Yes. BS10012 incorporates all the requirements of GDPR, but the key benefit is that it drives ongoing review and improvement of controls implemented to manage these requirements – now and thereafter.
Neither GDPR or BS10012 alignment happens without input or effort. Both require action and top level commitment from a business. There is no ‘off the shelf’ magic answer as every business is different, with its own processes, people, clients and suppliers – all of which generate personal data that needs to be effectively managed within a business.
How will BS 10012 add value to my business?
By implementing and certifying your business against BS 10012:2017, you will be able to demonstrate some clear advantages over your competitors:
Running a successful business is all about reducing risk wherever possible (BS10012 is a risk-based standard) and seeking opportunities to improve on the competition (BS10012 certification sets you apart from mere internal GDPR ‘compliance statements’).
You can confidently state that you have credible 3rd party assurance that you are meeting your data protection obligations under GDPR – through certification to BS10012 with a recognised certification body such as ISOQAR, BSI, LRQA, SGS etc.