The Basics of BS 10012
BS 10012 is the British standard for Personal Information Management, and provides a framework for maintaining and improving compliance with data protection requirements and good practice.
It covers topics such as privacy impact assessment, risk assessments, data retention and disposal, privacy by design and employee awareness training; helping you to put policies and procedures in place to effectively manage the personal information of individuals.
Alignment with BS 10012
BS 10012:2017 provides the framework to implement a personal information management system around the principles of Data Protection (GDPR):
- Principle (a) Lawfully, fairly and transparently processed (Clause 8.2.6);
- Principle (b) Obtained only for specific legitimate purposes Clause 8.2.7);
- Principle (c) Adequate, relevant, limited in line with data limitation principles (Clause 8.2.8);
- Principle (d) Accurate and up to date, with every effort to erase or rectify without delay (Clause 8.2.9);
- Principle (e) Stored in a form that permits identification no longer than necessary (Clause 8.2.10);
- Principle (f) Ensure appropriate security, integrity and confidentiality of personal information using technological and organizational measures (Clause 8.2.11).
- General Accountability for the above
I already have an ISO certification, can I integrate BS 10012?
BS 10012:2017 follows the ‘Plan-Do-Check-Act’ continuous improvement model and is aligned to ISO Annex SL, adopted by all key management system standards, enabling organisations to integrate their PIMS with other standards, notably ISO/IEC 27001:2013. It is also a standard which organisations can now certify against.
Who needs to be involved in BS 10012?
Do all my staff need to be involved in BS 10012?
Successful implementation is a team effort.
It starts with the top – Senior Management need to be fully onboard and committed to achieving data protection best practice. If this is secured, then everything else will flow from there.
In order to effectively identify all the personal data within your organisation you need to involve all areas of the business.
All too often businesses are concerned with just the data they may process for their clients – normally because they’re being questioned about data protection by their clients!
Or on the flip side, businesses are overly concerned with staff or finance data – excluding all the other client-related personal data they may be controlling in the business.
With BS 10012 – all personal data is captured and recorded to ensure that all risks are considered.
Thereafter, all staff require a level of data protection training to ensure that they understand their responsibilities in relation to personal data. Unfortunately, as has been proven many times before, people will always be the weakest link when it comes to data protection breaches. Ensuring all staff are trained is fundamentally one of the most important steps to take in implementing BS 10012:2017
This extends out to key suppliers or partners depending on whether personal data is shared/ transferred outside of the business.
How to go about implementing BS 10012
The first step to Implementing BS 10012 would be to carry out a Gap Analysis to identify where the gaps are in your Personal Information Management. Evaluate the results and formulate a plan to put the correct policies and procedures in place to be compliant. This evaluation will also highlight any potential existing risks with your personal information management, which can then be addressed as you create your management system.
Unless you are familiar with BS 10012 requirements, we suggest seeking out guidance or support with the process of establishing a management system. Blackmores also offer assistance with BS 10012, so feel free to contact us for more information.
ONI successfully recommended for BS 10012 certification
Leading the way in GDPR compliance, Blackmores are delighted to announce that ONI Plc have been recommended for certification to the updated British Standard for Personal Information BS 10012:2017 with Certification body Alcumus ISOQAR.
The standard was updated in 2017 to provide a framework to support organisations to align their Personal Data Protection Policies and procedures with the GDPR requirements coming into force on the 25th May 2018.
Supporting ONI Plc to integrate their robust information security (ISO 27001) controls with BS 10012 to demonstrate commitment to GDPR, we are delighted that ONI Plc are the first to be recommended for certification.
What is BS 10012?
Any organisation that processes personal information should ensure that it protects the privacy of the people it affects.
BS 10012 provides a framework for maintaining and improving compliance with data protection requirements and good practice.
This webinar washeld on the 16th March at 12pm-12:45pm. This webinar will covers the following:-
- What is BS10012:2017?
- What’s the difference between BS10012 and GDPR?
- How will BS10012 add value to my business?
- What is the best approach to implementing BS10012?
- Who needs to be involved?
- Is BS10012 certification recognised?
- How Blackmores can help you to achieve BS10012 certification
Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our isologist consultants or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
What our clients have to say
The support and advise I get from our assigned auditors is immense. Forward planning for the following year is great and they are flexible and always willing to help.
“Blackmores have assisted us almost since the start of our adoption of the ISO 9001 quality standard. Their input has improved our processes since the start, and enabled our goal of continuous improvement to be achieved. The people are also extremely easy to get on with, and they really understand our business, giving us a great deal of confidence in their advice.”
“Blackmores are the perfect bridge between working on your ISO as an individual or company, to being audited each year. We find that any queries we have are covered and we feel sure that we have everything as needs be before going into an external audit.”
“We have been extremely impressed with the service and support provided by Blackmores. There knowledge and assistance through out our ISO journey has been amazing!”
“Blackmores have really kept us on our toes with the broad scope and level of detail they apply to our internal audit schedule. They always stay abreast of ISO standard changes and help us to adapt our processes and documents to embrace these changes accordingly. Having Blackmores shadow our external audits provides invaluable confidence and peace of mind – would highly recommend their services!”
“Our ISO 27001 certification project has gone so well, that there was no doubt in who we were going to ask to help us with our aspirations of becoming ISO 14001 certified. It’s been an absolute pleasure working with Blackmores, and we are really looking forward to working with them for the foreseeable future.”
Trusted by leading organisations across all sectors, we support companies of all sizes in any location.
Listen to our Podcast
Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.
Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.