• BS 10012 is a leading International Standard for Data Privacy. It is a British standard that sets out the requirements for implementing a Privacy Program and aligns with the principles of the European General Data Protection Regulation (EU GDPR). It outlines the core requirements organizations need to consider when collecting, storing, processing, retaining, or disposing of Personal Data. It helps organizations design and implement policies and procedures as part of their Privacy Program.
• BS 10012 provides a framework to help organizations maintain and improve compliance with data protection legislations and provide assurance to their stakeholders.

• BS 10012 is easily integrated with other popular management system standards like ISO. Implementing BS 10012 helps organizations identify and manage Data Privacy risks, supports regulatory compliance with Privacy regulations, inspires customer trust and protects reputation and helps benchmark with recognized best practice.
• An organization gets certified for BS 10012 after an audit by accredited certifying bodies. When a trusted external body provides this ‘stamp of approval’, it provides assurance to the outside world that the organization has indeed implemented Data Privacy in a comprehensive structured manner as per the BS 10012 standard.
• Many external stakeholders like customers, regulators, business associations etc. require organizations to get certified as a pre-requisite to doing business. Even without such mandates, several organizations get certified for BS 10012 to build and convey trust to their ecosystem.

• Not at all! You can be of any size to get certified for BS 10012. BS 10012 can help organizations of any size in the public and private sectors to initiate, implement and maintain a Privacy Program.

• You need to first design and implement the BS 10012 standard in your organization. Once you complete the implementation and build sufficient evidence to prove that you have the standard running smoothly, you call an accredited agency to certify you. The agency will conduct an audit to assure itself that you have indeed implemented the standard. Post which, it awards you the certification.

• A certificate is valid for three years. Organizations are expected to not just stay compliant but to improve their Privacy related processes in these three years.

• Although you can deploy BS 10012 in only certain ‘parts’ of the organization which are exposed to Privacy Laws, there are many Privacy related processes which make more sense when deployed at an organization level. You can restrict the certification to only certain parts of the organization, depending on business priorities and budgetary constraints.

• We DO NOT ‘replace’ anything that you have already deployed. We merely build on it and add the ‘missing’ pieces. Our endeavor is to leverage whatever has been already done so you can move towards your goal faster.

• We at Arrka have done all the hard work on your behalf – so you don’t need to spend time understanding what BS 10012 is all about. All of this is baked into the platform.
• Further, for actual deployment, we have a team of consultants who will handhold you through the whole process to get you going. And if you need help for day-to-day management of your Data Privacy program, then the Arrka team can take that on as well. In short, we work as your virtual DPO (Data Protection Officer).
   

• The Arrka platform has all the necessary ‘intelligence’ built into it for BS 10012. This means that you can do the entire deployment of the standard on your own or with our customer assistance team. In other words, there is no dependence on people and their individual competencies. Secondly, with everything automated on the platform, it takes up to 70% less time to implement. And you have all the information you need at your fingertips at any given point in time – no laborious excel sheets and email threads to scan through. Thirdly, the day-to-day management and operations being fully configured on the platform, you have everything in one place to manage your entire BS 10012 program. This includes managing client contracts, vendors, auditors, etc. So not only does it help during the initial certification but also through the entire lifecycle.

• Not at all! Your data continues to remain exactly where it is. The Arrka platform only helps you manage the compliance end-to-end, for which we do not need access to the actual data at any point in time.

• No. Nothing is required to be installed or deployed on your servers

Yes, Arrka has a pool of Privacy Experts who can step in to help you with any queries you have or any assistance you may need.