BSI Launches New Standard for Data Protection
12 June 2009
On 2 June 2009, following several months of consultation and
debate, the British Standards Industry (BSI) published BS10012
(the Standard) for the management of personal information within
organisations, aimed at assisting compliance with the UK Data
Protection Act 1998 (the Act).
The Standard is a framework to aid both public and private
organisations with establishing best practice rules and compliance
with the Act. Rather than provide prescriptive measures, the
Standard captures agreed good practice whilst allowing
organisations the ability to innovate and gain a competitive
advantage en route to creating a tailored management system.
What does BS10012 do?
The draft Standard was criticised for merely echoing the Data
Protection Principles and the Act. However, the published framework
does more than simply recast the Act; it provides a governance
framework targeted at an organisation's management. Pursuing a
top-down approach ensures long-term planning to minimise the risk of
non-compliance, rather than solely plugging the existing shortfalls
in compliance. In effect, it is a useful prompt for organisations
to conduct a root and branch review of their data mapping and risk
assessment structures. Given the recent spate of high profile
public data protection breaches, simply leaving organisations to
formulate their own structures seems to have been less effective.
The launch of the Standard is therefore timely.
The Standard was presented to the Data Protection Forum on launch
day by Shirley Bailey-Wood, the Operations Director at BSI, where
these concerns were highlighted. Ms Bailey-Wood explained that the
Standard provides a framework for assessing, maintaining and
improving compliance with legislation and good practice. This
should allow organisations to demonstrate they handle data in a
structured and responsible way.
With technology advancing at a rapid pace, new challenges regarding
the handling of personal information frequently open up entirely
new ways of making information more available to third parties.
Coupled with the fragmented patchwork of European data privacy laws
- which in itself has led to associated compliance inefficiencies
within organisations - the systematic, standardised approach
provided by the Standard seems worthwhile.
Contacts
If you would like further information on this
subject please get in touch with your usual contact or:
Nick Graham, Partner, T +44 (0)20 7320 6907
Scott Singer, Partner, T +44 (0)20 7320 6599