BS 10012: Information management of personal data

Companies working with personal data should ensure that this data and the privacy of the people behind it are adequately protected. TÜV NORD CERT now offers BS 10012:2017 for this purpose. This voluntary standard supports companies in setting up and operating effective data protection management systems. The current version already takes into account the requirements of the amended EU General Data Protection Regulation (GDPR; German: EU-DSGVO) and is accepted throughout the EU.

"The topic of data protection has been omnipresent since the introduction of the new EU basic data protection provision. This is why we are currently registering great demand for BS 10012", says Matthias Springer, Project Manager Security4Safety at TÜV NORD CERT. "Customers also like to choose a combination with other standards. For example, BS 10012 can be easily combined with an information security management system according to ISO 27001. The aspects of risk assessment and risk handling are taken from 27001, which facilitates integration. But the combination with ISO 9001 is also popular. Since data protection is an essential quality factor for a company, quality management and data protection are closely linked. If companies integrate their data protection management into an already existing quality management system according to ISO 9001, they benefit from a host of synergies".

The British standard helps companies to set up guidelines and processes that are necessary for the efficient management of personal data. It covers areas such as training personnel in security awareness, risk assessments, data retention and data destruction. Existing threats to data protection are identified, analysed and eliminated. In this way, companies not only strengthen the trust of their customers, partner organisations and stakeholders, but also improve their external image.

If you have any further questions, please contact Matthias Springer at +49 201 825 329 or send an e-mail to