LOCS:23 Certification, the GDPR Standard for Law Firms

Contact Us

What is LOCS:23?

LOCS:23 stands for the Legal Services Operational Privacy Certification Scheme, a new standard approved by the ICO to help legal service providers demonstrate compliance with UK Data Protection laws.

The standard is publicly available via the ICO website, however many legal services providers benefit from the broad legal services industry and data protection experience of our LOCS:23 Consultants, to help them implement robust procedures and achieve LOCS:23 Certification.

View the LOCS:23 Standard.

Data Controller and Data Processor Certifications

The LOCS:23 standard makes provision for both data controllers and processors with two certification marks available.

LOCS:23 Requirements

Organisations will need to demonstrate compliance with a number of controls in the standard, which are categorised under the following headings:

  • 8.1 ORGANISATIONAL AND CLIENT FILE GOVERNANCE
  • 8.2 DATA SUBJECT RIGHTS
  • 8.3 OPERATIONAL PRIVACY
  • 8.4 THIRD PARTY SERVICE PROVIDERS AND DATA SHARING  
  • 8.5 MONITOR & REVIEW 

The standard provides a mapping to UK GDPR Articles, where applicable, as well as alternative controls for processors.  

About LOCS:23 Certification

ADISA is the approved certification body for LOCS:23.  Find out more.

More information:

Robert Clements
Robert Clements
Articles: 292