With the BS 10012 certificate you will build a meaningful and effective PIMS (Personal Information Management System) and fulfil the legal obligation of personal data protection, which has been regulated by the General Data Protection Regulation (GDPR) since May 2018. In addition, by taking appropriate measures, you will strengthen customer confidence and increase the credibility of your entire organization.
At TAYLLORCOX, we have been performing personal data protection audits for over 10 years. As one of the few Czech companies that offer the BS 10012 certification, we also provide a unique mix of advantages:
The legislation imposes an obligation to protect personal data but provides no guidance to help companies comply with the measures. That is why the BS 10012 certification was created and brings a number of benefits for your organization:
At TAYLLORCOX we have developed a unique three-phase certification process that allows us to proceed with unrivalled speed and efficiency.
We will pass the necessary knowledge to your employees.
One of the conditions for obtaining BS 10012 is demonstrable PIMS knowledge of your employees. All necessary training is conducted by internationally accredited auditors with extensive experience.
We have prepared a supporting materials package for you. This will facilitate your path to successful certification.
The package contains a full set of templates, samples and forms that will guide you through the compilation of a key BS 10012 manual for the entire company, including checklists. With these, you will ensure that you have optimized all processes in the company as required by legislation and certification. The authors of the toolkit are our accredited auditors, leading experts on BS 10012, who guarantee the factual accuracy and quality of all materials.
Get a confirmation that your business processes meet the strict requirements of BS 10012.
The certification will be performed by our lead auditor. The first stage of the internal audit - desktop review - will focus on the description of the current state of security documentation in terms of its complexity and completeness. It will be followed by a process review, where we will evaluate the compliance of the documentation with reality and compile a list of necessary measures.
BS 10012 is a British standard that contains best practices for the implementation of personal data management systems.
The protection of personal data in the Czech Republic was previously enshrined in Act No. 101/2000 Coll. At the same time, Directive 95/46/EC applied to the Member States of the European Union. However, in May 2018, the General Data Protection Regulation (GDPR) came into force, replacing the original legislation. BS 10012 certification confirms that the organization meets the requirements set by the GDPR.
Is it really important to get the BS 10012 certification?
Modern technologies make it possible to collect and evaluate huge amounts of data, which increases the risk of invading the privacy of those who provide information about themselves. We should therefore be interested in the protection of personal data. In addition, it has been established by an EU regulation, which we know as GDPR, and the BS 10012 standard significantly helps to comply with its requirements.
Our organisation works with personal data. What does that mean?
The law imposes a number of obligations on controllers and processors of personal data, the proper fulfilment of which in practice is not entirely simple.
The controller or processor must "put in place appropriate technical and organizational measures to protect personal data against accidental or unauthorized access, destruction, loss, unauthorized modifications, unauthorized disclosure and any other form of unlawful processing". These measures must be based on the environment in which the personal data are processed, be proportionate to the risk, be processed, be documented and reflect the technologies used.
What are the most common problems in organisations that do not have the BS 10012 certification?
In consulting and auditing we often encounter helplessness among responsible staff who do not know how to apply personal data protection requirements. Some organizations believe that it is enough to issue an internal regulation containing quotations from the law, thus avoiding legal liability. But how do you implement its requirements factually, organizationally and technically? The BS 10012 certification will answer this question, including process settings.
We will design a solution to suit your needs.