Top tips on implementing BS 10012 to meet GDPR requirements
BS 10012 is a British standard that specifies the requirements for a Personal Information Management System (PIMS). It was first published in 2009 to help organisations manage personal information and comply with data
The standard was updated in 2017 to reflect the GDPR's requirements, making it a practical framework for regulatory compliance. For example, it includes specific guidance on each of the data protection principles, helping organisations meet the requirements of both BS 10012 and the GDPR.
Having implemented BS 10012 for a number of organisations, we have put together our top tips on implementing it.
Establish a PIMS team – this is not a one-person job. You will need input from every area of the business that handles personal data.
Carry out a Privacy Impact Assessment – it is important to understand where all the personally identifiable data is within the organisation, how it is collected and how it is disposed of. (Remember this covers all data, soft and hard copies alike – get into all the drawers and cupboards.)
Data mapping – collate the information on a data matrix so that everything is visible in one place: what data you hold, where it lives, why you process it and who has access to it.
Carry out a risk assessment – the data matrix will flag up the risks that need addressing, and gives you the evidence to prioritise them.
Update documentation – ensure all documents are
Training, training and more training – people are the weakest link, so ensure ALL staff have had BS 10012 training, not just the PIMS team.
Conduct internal audits – to verify compliance and check that your systems and controls are actually effective, not just documented.
Implementing a PIMS can be challenging, so if you would like assistance please contact us for further information at: firstname.lastname@example.org