Public to have their say on new data protection standard
8 January 2009
BSI British Standards invites comments on a new draft standard on the management of personal information. Once published, the standard will assist organizations in complying with the Data Protection Act 1998.
Developed by a committee of experts including representatives from industry, government and academia, DPC BS 10012 is applicable to any organization which holds the personal information of living individuals. Once published, this standard will enable organizations to put in place an infrastructure for maintaining and improving compliance with the Data Protection Act.
DPC BS 10012, expected to be published in June 2009, is a management systems standard. Rather than prescribing exactly how operations should be run, it provides the framework which will enable an organization to manage personal information effectively. For example, the standard focuses on ensuring that an organization provides sufficient guidance and resources (e.g. staffing), and creates a positive culture within which data processing can occur.
The management system format of ‘Plan-Do-Check-Act’, in which this standard is written, is well-established in standards such as BS EN ISO 9001:2000 Quality management systems and BS ISO/IEC 27001:2005 Information technology. Security techniques. Information security management systems. Requirements.
Gordon Wanless, Chairman of the DPC BS 10012 Drafting Panel and Chair of the Data Protection Forum, said: “This standard is the first of its kind in the area of Data Protection and is expected to be used widely by both public and private sector organizations. Data Protection has been the focus of much public attention over the last year and this standard will help organizations demonstrate that they are handling personal information responsibly. To ensure it is fit for purpose, it is extremely important that we receive comments on the draft standard, from both companies and individuals and I would encourage anyone with an interest to express their views.”
The public review period for DPC BS 10012 closes on 31 March 2009.
Data Protection guidance for your sector
In addition to the new draft standard, British Standards has a number of publications which provide guidance on the processing of data (some of these will be updated upon publication of BS 10012):
- BIP 0012 Data Protection Guide
- BIP 0050 Data Protection Pocket Guide - Essential Facts At Your Fingertips
- BIP 0011 Privacy in E-business - Promoting Respect, Trust and Confidence in your Organization
- BIP 0002 Guidelines for the Use of Personal Data in System Testing
- ENDS -
Notes to editors
About BSI British Standards
BSI British Standards is the UK’s National Standards Body, recognized globally for its independence, integrity and innovation in the production of standards and information products that promote and share best practice. BSI works with businesses, consumers and government to represent UK interests and to make sure that British, European and international standards are useful, relevant and authoritative.
About BSI Group
BSI British Standards is part of BSI Group, a global independent business services organization that inspires confidence and delivers assurance to customers with standards-based solutions. Originating as the world’s first national standards body, the Group has over 2,300 staff operating in over 120 countries through more than 50 global offices. The Group’s key offerings are:
- The development and sale of private, national and international standards and supporting information
- Second and third-party management systems assessment and certification
- Product testing and certification of services and products
- Performance management software solutions
- Training services in support of standards implementation and business best practice.