IT Governance and group companies have been independently audited against the requirements of BS 10012 and recommended for certification. As we were already GDPR compliant, and already had a mature management system that integrates the requirements of ISO/IEC 27001 and ISO 9001, it turned out to be a relatively easy step for us to take. The dividends, in terms of providing GDPR-compliance assurance to the board, customers, suppliers and investors, are so much greater than the investment required to implement a formal PIMS.
Our in-house team did a great job to get us over this line; of course, the fact that we are already providing BS 10012 implementation support to a number of clients gave us a lot of experience to draw on!