
BS 10012 Personal Information Security Management System

Our certification body, TÜRCERT, provides BS 10012 Personal Information Security Management System auditing and certification services. In brief, BS 10012 is a good-practice standard used by companies to establish and maintain a management system compatible with the Data Protection Act 1998.

What does personal information mean?
Personal data refers to any information relating to an identified or identifiable natural person. In this context, personal data includes not only information that definitively identifies the individual, such as name, surname, date of birth and place of birth, but also information about the physical, family, economic, social and other characteristics of the person. A person being specific or identifiable means that the person can be identified by associating the existing data with a real person in any way. In other words, the data covers anything that expresses the physical, economic, cultural, social or psychological identity of a person, or that allows the person to be identified as a result of being associated with any record such as an identity, tax or insurance number. Data such as name, telephone number, motor vehicle number plate, social security number, passport number, resume, picture, image and sound recordings, fingerprints and genetic information are personal data because they can make the person identifiable.

The BS 10012 Personal Information Security Management System Standard is the first standard that relates to personal information management. By following the framework specified in BS 10012, organizations can increase the security of the data they store, process data and manage data transfers better, and comply with legal requirements.
In Turkey, BS 10012 is required by the Information Technology and Communications Committee (ICTA) for Registered Electronic Mail (PEP) applications.

It is the British Standard for the protection of corporate and personal data. It gives guidance on how to protect data, and it covers how organizations can better manage the processing, storage and protection of that data.

How does it work?
A plan should be developed for personal data management in line with BS 10012, and the processes related to data protection should be identified.

Who Does This Standard Apply To?
Public and private institutions of all sizes
Every organization and person requesting the protection of personal data
The protection of personal data is becoming increasingly important in the world and in Turkey with legal regulations. BS 10012:2009 is the management system standard for identifying the principles of personal data management and processing in organizations.
It is a best practice standard used by companies to establish and maintain a management system compatible with the Data Protection Act 1998.

What BS 10012 contains:
Personal Data Management System Planning
Establishment and Management of the Personal Data Management System
Scope and Objectives
Personal Data Management Policy
Policy Content
Responsibility and Liability
Provision of Resources
Integrating the Personal Data Management System into Organizational Culture
Implementation and Operation of Personal Data Management System
Appointment of Key Persons
Identification and Documentation of Personal Information
Education and Awareness
Risk assessment
Keeping the Personal Data Management System up-to-date
Notification
Fair and lawful processing
Processing of Personal Data for Specified Purposes
Adequate, relevant and not excessive
Accuracy
Rights of Persons
Security Issues
Transfer of Personal Information Outside the EEA (European Economic Area)
Third Party Privacy Management
Data Processing by Subcontractor
Maintenance
Personal Data Management System Monitoring and Review
Internal control
Management Review
Personal Data Management System Improvement
Preventive and Corrective Actions
Continuous improvement
Annex-A PDCA Cycle