BS 10012:2017 DATA PROTECTION - SPECIFICATION FOR A PERSONAL INFORMATION MANAGEMENT SYSTEM

Our country's Personal Data Protection Act and Enforcement Rules of the Personal Data Protection Act reference and follow one of the international personal information management standards BS 10012, Indicator industries, such as the financial industry, telecommunications industry, and direct selling industry have set up a PII management system and applied for third-party certification, which can help enterprises effectively manage and secure personal data, and can also demonstrate the enterprises' good management responsibility, thus building consumer confidence and trust.

BS 10012:2017 refers to the ISO Organizational Annex SL framework, which is consistent with other ISO international standards. The standard is designed to ensure that the organization has appropriate control measures in place. In addition to helping to protect individuals, it also increases the confidence of interested parties, such as customers and stakeholders, in the management of personal information. It can also effectively demonstrate that the organization has fulfilled its responsibility to protect good managers.

In response to the EU GDPR, which has been fully implemented since 25 May 2018, new regulatory requirements have been added to the Personal Data Protection Act, such as "the right to be forgotten", "data portability", "data analysis", " pseudo anonymization", "data minimization", etc. BS 10012 has also been included in the 2017 edition. Therefore, by introducing and verifying BS 10012, the enterprise/organization can demonstrate the positive and proactive management of the organization's assets.

Applicability

BS10012 British Standard Personal Information Management System is suitable for all types of enterprises that collect, process, and utilize a large amount of personal information.

Benefits of the Certification