Personal information security has never been more significant. Any organization that handles personally identifiable information (PII) has a responsibility to ensure the security of privacy data. Organizations must show that they take privacy management seriously, especially now that new regulations, such as the General Data Protection Regulation (GDPR), have been introduced.
BS 10012:2017 is a British Standard for Personal Information Management Systems (PIMS) that provides a best-practice framework to help organizations develop procedures for the collection, handling, storage and deletion of personal data. The BS 10012 standard also supports organizations in maintaining and extending their compliance with legal requirements such as the EU’s GDPR. In Q1 2019/20 the ICO, the UK’s independent authority set up to uphold information rights, recorded a total of 3,091 data security incidents, which are breaches of the seventh data protection principle or personal data breaches. BS 10012 was revised in 2017 to align with the requirements of the GDPR and to be consistent with ISO standards such as ISO 27001, which helps to remove any duplication of effort.
What is Personal Information Management?
Personal information management is the process by which companies acquire, organize, store, access and use personally identifiable information. It refers to how people organize, share and maintain personal information, and to the policies, procedures and technologies that allow them to do so. PIM focuses not only on the methods used to store information but also on how individuals access the information for use and removal. Understanding and implementing effective Personal Information Management standards helps organizations to function more efficiently, cope with “information overload”, and develop effective strategies to safeguard personally identifiable information.
Benefits of BS 10012 Personal Information Management Systems:
- Demonstrate compliance with the GDPR and other data protection laws.
- Improve the structure and focus of data privacy management.
- Embed personal data management in the organization’s culture.
- Take a risk-based approach to data privacy management.
- Encourage continual improvement to adapt to changes inside and outside the organization.
- Integrate with other leading standards, such as ISO 27001, for full GDPR compliance.
Principles of BS 10012:
As BS 10012 is designed around the GDPR, it aims to match the principles set out in that regulation. Under BS 10012, personal data must be:
- Lawfully, fairly and transparently processed
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to the purposes for which they are processed
- Accurate and kept up to date where required; inaccurate data is erased or rectified without delay when necessary
- Kept in a form that permits identification of individuals for no longer than is necessary
- Processed in a way that ensures a high level of security, privacy and integrity, protected against unauthorised access and accidental loss.
The organization will be held accountable for achieving and maintaining all of the above. All personal data stored or handled by the business must be processed in line with these principles if the organization wants to achieve BS 10012 certification. Our BS 10012 consultancy company has extensive experience in implementing BS 10012 certification in the IT industry. BS 10012 certification of a client who has used our BS 10012 consultancy services.