Legal Services Operational Privacy
Certification Scheme (LOCS:23)
The ICO approved certification for legal service providers and partners to comply with GDPR.
- Show GDPR compliance as confirmed by regulators.
- Standard approved by the ICO as a UK GDPR Certification Scheme.
- Implements a recognised, measurable, and auditable data protection standard across your organization.
- Meets stringent data protection requirements.
- Boosts client confidence by showcasing your certification in safeguarding personal data.
What is LOCS:23?
The Legal Services Operational Privacy Certification Scheme (LOCS) is designed to assist legal service providers in demonstrating compliance with UK data protection law when processing client’s personal data. It will provide enhanced trust and confidence that personal data and data subject rights are protected.
Which certifications apply to my business?
The scheme applies to legal service providers (both controllers and processors), including law firms, solicitors, barrister’s chambers, barristers, and other providers, for their processing of personal data in relation to the legal services provided, held in the ‘client file’.
What to expect
Applicants must perform an internal audit against LOCS:23 requirements and provide a copy during the audit process
Ready to apply?
- Assess GDPR compliance and familiarize yourself with key concepts (e.g., records of processing activities, data protection impact assessments, data subject rights, lawful data processing).
- Understand your data flows, sources, storage systems, and sharing entities.
- Evaluate information security needs (e.g., encryption, network security, breach protocols).
- Maintain a central list of policies with authors, sign-offs, and review periods.