top of page

   BS10012: Personal Information Management

The objective of BS10012:2017 is to enable organizations to put in place, as part of the overall information governance infrastructure, a personal information management system (PIMS) which provides a framework for maintaining and improving compliance with data protection requirements and good practice. In many cases, a PIMS will address the management of personal information that is held across a wide range of operational units and information technology based application systems. Much of this personal information might also be within the scope of other management systems within the organization [e.g. quality management (BS EN ISO 9001), environmental management(BS EN ISO 14001), asset management (ISO 55001), information security management (BS EN ISO/ IEC 27001)]. Where the organization has such multiple overlapping management systems, consideration needs to be given to utilizing a common approach such as that described in this compliance framework, 


This new version of BS 10012 has been written in recognition of the publication of the European Union General Data Protection Regulation (GDPR), which was approved by the European Parliament on 14 April 2016. This replaces the European Directive (95/46/EC) on 25 May 2018, which was implemented in the UK by the Data Protection Act 1998.

he GDPR is directly applicable to the UK and member states retain the ability to introduce national level derogations, where these are required for specific purposes. The UK has recently introduced the Data Protection Act 2018 which specifically references the GDPR. Compliance with EU and UK data protection legislation is monitored, regulated and enforced by the Information Commissioner (the UK's "supervisory authority"), who is responsible for promoting the protection of personal information.

For a confidential quote, please call Brian on 0161 486 3386 or alternatively complete the short questionnaire on this link

How can K7 help

K7 has experience in supporting businesses achieve certification in information security management systems (ISO 27001).

With the introduction of GDPR and changes to data protection legislation, information has become a very valuable commodity. In this age of the information revolution, protection of information has never been more important. We can help you protect your information by implmenting an information management system that will ensure your data is protected.

The Information Commissioner promotes good practice by the issue of guidance, rules on eligible complaints, provides information to individuals and organizations (acting as controllers and/or processors) and takes appropriate action when the law is broken. The Information Commissioner has powers to investigate complaints, make assessments as to whether processing is compliant with the national legislation, and issue information and enforcement notices. This British Standard is drafted using the rules specified for management system standards in the ISO Directives, Annex SL, and follows the common high level structure

bottom of page