Merit & GDPR

Merit – Your GDPR Compliant Partner

Merit has recently become one of the first organisations in the world to be recommended for the BS10012:2017 standard on Personal Information Management System (PIMS), written in recognition of GDPR requirements.

This British Standard is recommended for organisations that demonstrate a commitment to building privacy into their systems and processes.

The BS10012:2017 is implemented to enable organisations to put in place, as part of the overall information governance infrastructure, a personal information management system (PIMS) which provides a framework for maintaining and improving compliance with data protection requirements and good practice.

Merit understands that information on individuals is a valuable asset and needs to be properly protected. This new edition of BS10012 has been written in recognition of the publication of the European Union General Data Protection Regulation (GDPR). Any organisation currently implementing their approach to the GDPR will be aware of the importance of having compliant suppliers.

Implementing this British Standard has been a milestone in Merit’s Information Governance strategy and demonstrates Merit’s position as a global leader in GDPR compliance.

BS 10012:2017 demonstrates a commitment to building privacy into an organisation's systems and processes.

The objective of this British Standard is to enable organisations to put in place, as part of the overall information governance infrastructure, a personal information management system (PIMS) which provides a framework for maintaining and improving compliance with data protection requirements and good practice.

This new edition of BS 10012 has been written in recognition of the publication of the European Union General Data Protection Regulation (GDPR). Among the changes from the 2009 edition of BS 10012 are:

  • New definition of personal and sensitive data
  • Restrictions on profiling using personal data
  • New administrative requirements for data privacy officers
  • Pseudonymous data specifically covered
  • Abolishing of notification/registration requirement
  • New stricter requirements when using consent as a basis of processing personal data
  • Changes to subject access and other rights for data subjects
  • Enhanced right to erasure and new right to portability
  • Security breach notification requirement
  • Privacy by design and privacy impact assessment requirements
  • Extension of the law to cover data processors
  • Removal of the Safe Harbour ground for data transfers to the U.S.


Did you know ‘legitimate interest’ is an acceptable route for b2b organisations to comply with GDPR?

View Merit’s guide to GDPR & Legitimate Interest

Merit provides ‘GDPR-safe’ data + code for some of the world’s leading b2b organisations. If you would like to find out more, please get in touch via dpo.merit@meritgroup.co.uk

View our detailed FAQs on GDPR & E-Privacy


For more information about Merit’s regulatory compliance, please email dpo.merit@meritgroup.co.uk

Merit Group