TÜV NORD certifies data protection management to BS 10012

In harmony with the GDPR, the standard provides guidance for action and therefore helps clients to prove conformity.

Hamburg: Since May 2018, organizations which process personal data have to observe the new requirements of the General Data Protection Regulation (GDPR). Many of those affected have difficulty in demonstrating that they are acting according to the new rules. TÜV NORD now offers support based on the new standard BS 10012:2017. In harmony with the GDPR, this standard provides concrete guidance for action and therefore helps clients to prove the necessary conformity.

Many organizations do not feel secure when it comes to concrete implementation of the GDPR – the requirements are complex, while at the same moment the lack of an accreditation scheme seems to imply that there is no recognised body which can testify to fulfilment of the GDPR (in accordance with Article 42 and 43). Certification service provider TÜV NORD is now providing a solution to this dilemma with certification of data management according to the standard BS 10012:2017.

What is BS 10012?

BS 10012 is an independent, voluntary standard for which certification is possible. The standard supports organizations to establish guidelines and processes for efficient management of personal data. This also includes security awareness training of employees , creation of risk assessments, retention and preservation of data and data destruction. “Working to the standard means that weaknesses and risks with regard to security of personal data can be identified and reduced. The probability of incurring fines because of GDPR infringements is also many times lower, because a data protection management system according to BS 10012 is considered to be the basis of a GDPR compliant system”, explains Wolfgang Wielpütz, Managing Director of TÜV NORD CERT. The standard reflects the high level structure of all relevant ISO management systems, and can therefore be easily combined with other management systems.

Optimising processes and creating trust

Certification is possible for all organizations which process personal data – for example of their clients and employees – and who are therefore affected by the GDPR. The clear and well-structured stipulations of the standard help organizations to demonstrate correct handling of internal data protection to their stakeholders, reliably and in written form. This creates trust and a solid basis for both existing and prospective clients. Optimization of the data protection process also improves both the cost efficiency and the reputation of the organization. Certification of data protection management systems in accordance with BS 10012 is a part of our services in the area of Security4Safety. This is where Safety, in the sense of traditional operational and product safety, and Security – in other words cybersecurity – are linked to each other with the focus on practical implementation, creating an integrated approach to risk management.

More information on certification of personal data protection management according to BS 10012 can be found at https://www.tuev-nord.de/en/company/industry/certification/system-certification/information-technology/bs-10012/ 



As a long-established and respected technology provider, we are the global byword for security and trust. We have the digital future firmly in mind. Independent engineers and IT security professionals provide excellent solutions for security and quality and have put us in an outstanding competitive position. In more than 70 countries, we support our clients and partners in their commitment to people, technology and the environment. www.tuv-nord-group.com

Annika Burchard

Industry, Energy, TÜV NORD Akademie

Share this page