BS 10012 - Personal Information Management System


    BS 10012 provides a framework for a Personal Information Management System, helping organizations maintain and improve compliance with data protection legislation such as the EU GDPR and build confidence among stakeholders.

    Last Updated: July 24, 2019

  • General

    BS 10012 Personal Information Management System is a British standard provided by the British Standards Institution (BSI). BSI is the national standards body of the United Kingdom.

    BS 10012 was initially published to help users comply with Directive 95/46/EC in personal information management. BS 10012:2017+A1:2018 is the most recent version and was updated in recognition of the European General Data Protection Regulation (EU GDPR). It sets out requirements for a personal information management system and aligns with the GDPR principles. The standard outlines the core requirements organizations need to consider when collecting, storing, processing, retaining or disposing of personal records relating to individuals. It covers areas such as privacy risk assessment, privacy by design and by default, the data protection officer, data retention and disposal, and employee security awareness training.

    BS 10012 applies to organizations of all sizes in both the public and private sectors. It provides specific guidance for SMEs on building a personal information management system under BS 10012.

    For BS 10012 compliance, BSI emphasizes that businesses should obtain support and commitment from senior management, establish or maintain good internal communication, assess their current personal information management practices through customer and supplier feedback, establish an implementation team if necessary, have employee training in place, and regularly review the BS 10012 system after it is established so that it keeps improving. The standard can be purchased from both the BSI and ANSI websites. In addition, BSI provides certification against BS 10012.
