BS 10012 Personal Information Management Systems (PIMS)

Personal information represents a critical asset for any organisation. Responsible management of this data is vital for maintaining trust and fulfilling legal requirements. BS 10012:2017 sets out a clear framework for developing and maintaining a Personal Information Management System (PIMS), supporting organisations in handling personal data securely, transparently, and in line with privacy regulations such as the General Data Protection Regulation (GDPR).
Achieving BS 10012 certification with Kiwa demonstrates that safeguarding personal information is embedded in an organisation’s culture and daily operations.

What is BS 10012?

BS 10012:2017 is the British Standard for Personal Information Management Systems (PIMS). It offers a structured approach for organisations to develop and maintain policies, procedures, and controls covering the collection, storage, use, and deletion of personal data.

Updated in 2017, the standard aligns with the General Data Protection Regulation (GDPR) and is designed to integrate smoothly with ISO 27001 – Information Security Management. This integration allows organisations to embed data protection practices within their broader information security and business continuity management systems.

Why Choose Kiwa?

Kiwa is recognised as an independent authority in testing, inspection, and certification, supporting organisations in safeguarding their data, reputation, and stakeholder relationships. With a deep understanding of the connections between privacy, compliance, and security, Kiwa’s experts offer clear, practical guidance throughout the BS 10012 certification process.

This approach ensures that certification delivers tangible improvements to an organisation’s management system. Choosing Kiwa means partnering with a trusted expert dedicated to helping organisations enhance compliance, drive performance, and build lasting confidence among stakeholders.

Benefits of the Service

Stronger GDPR compliance

Demonstrate that your systems meet the requirements of GDPR and other privacy laws.

Improved risk management

Reduce the risk of information loss, misuse, or unauthorised access.

Increased stakeholder trust

Show customers, partners, and employees that their personal data is handled with care and integrity.

Legal and regulatory assurance

Minimise exposure to penalties, legal risks, and reputational damage.

Integrated information protection

Combine BS 10012 with ISO 27001 for a unified approach to data and information security.

Resilient business operations

Build a culture of accountability and confidence around personal data management.

The certification process with Kiwa

    Gap Analysis

    An initial review is conducted to assess current data protection practices and identify areas for improvement before starting the certification process.

    Stage 1 Audit

    Documentation, policies, and alignment with GDPR are examined to evaluate the organisation’s readiness for certification.

    Stage 2 Audit

    The effectiveness of the Personal Information Management System is assessed in practice through an on-site evaluation.

    Certification

    Following successful assessment, the BS 10012 certificate is issued to confirm compliance.

    Surveillance Audits

    Regular annual audits are performed to ensure ongoing compliance and the continued effectiveness of the management system.

    Recertification Audit

    A comprehensive reassessment is carried out every three years to maintain certification and address any regulatory changes.

Why is BS 10012 important to have?

Managing personal data properly is not only a legal requirement but also a matter of trust and integrity.

BS 10012 helps you:

  • Identify and manage data protection risks

  • Strengthen security and compliance measures

  • Increase transparency and accountability

  • Protect your reputation and build customer confidence

  • Prevent data breaches and misuse

BS 10012 and GDPR

The General Data Protection Regulation (GDPR) defines how organisations must protect and process personal data.

BS 10012 provides the management framework to achieve and maintain this compliance, with clear roles for:

• Data controllers – deciding how and why personal data is processed

• Data processors – managing and protecting data on behalf of controllers

Certification to BS 10012 helps ensure that both roles are fulfilled responsibly and transparently, with systems in place for continual improvement.