BS 10012 certification

Most organisations process some sort of personal information and many class it as an organisational asset. With such reliance on personal information, organisations need to protect their reputation and implement the appropriate controls to safeguard their data.

BS 10012:2017 is the management system standard for managing personal information. Revised to address the requirements of the GDPR, BS 10012 can help organisations comply with the Regulation by 25 May 2018 deadline.

With many organisations processing personal information of some sort, BS 10012 can help implement policies, procedures and controls to manage an individual’s personal data effectively. It can help you address how your organisation manages and executes employee security awareness training and risk assessments, plus your data retention and disposal processes. 

Benefits of BS 10012

  • Compliance – BS 10012 certification displays a commitment that your organisation is meeting the requirements of the GDPR, demonstrating both compliance and accountability. 
  • Security risks – BS 10012 can help you identify and mitigate your information security risks for the personal data you process.
  • Stakeholder confidence – Certification to BS 10012 provides your customers, trading partners and other key stakeholders, with confidence that you have addressed all security risks relating to their personal information.
  • Reputation – BS 10012 safeguards your organisation’s reputation from damaging publicity relating to data security violations and potential prosecution. 
  • Capability statement – BS 10012 presents a public and independent statement of your organisation’s capability to protect individuals’ personal data, which may help when responding to tenders.

Need help with GDPR?

For help and support on how to comply with GDPR, call 0800 783 2179 or submit our GDPR enquiry form.

How can Lloyd's Register help?

Optional gap analysis 
Lloyd’s Register can provide an optional gap analysis service to help your organisation focus on critical, high risk or weak areas of your personal management system. This assessor delivered activity enables you to verify the policies, procedures and controls you have in place to protect your personal information. Whether you are in the early stages of implementing your personal management system or looking to go for a ‘dry run’ before your assessment visit, the scope of the ‘gap analysis’ can be decided with either your business development manager or assessor.

Lloyd’s Register will review your personal management system to check it meets the standard requirements. Typically a two stage process, it consists of a system appraisal and an initial assessment, the duration of which is dependent on the size and nature of your organisation.

GDPR BS 10012 Factsheet

Download Lloyd's Register's BS 10012 factsheet to learn how certification can help you to implement processes that can manage personal data effectively.