BS 10012 Data Protection - Personal Information Management Systems

The GDPR is directly applicable to the UK, and member states retain the ability to introduce national-level derogations where these are required for specific purposes. The UK has recently introduced the Data Protection Act 2018, which specifically references the GDPR. Compliance with EU and UK data protection legislation is monitored, regulated and enforced by the Information Commissioner (the UK's "supervisory authority"), who is responsible for promoting the protection of personal information. The Information Commissioner promotes good practice by issuing guidance, rules on eligible complaints, provides information to individuals and organizations (acting as controllers and/or processors) and takes appropriate action when the law is broken. The Information Commissioner has powers to investigate complaints, make assessments as to whether processing is compliant with the national legislation, and issue information and enforcement notices. This British Standard is drafted using the rules specified for management system standards in the ISO Directives, Annex SL, and follows the common high-level structure