LOCS:23 – ICO approve new ‘premier’ GDPR standard for legal sector

By Legal Futures Briefed

The Information Commissioner’s Office have approved a new legal standard today that could rapidly become the industry’s default requirement for law firms and chambers seeking public sector and other work.

The new LOCS:23 scheme will clearly set out the standard of GDPR compliance for those who are working in and supplying the legal profession.

But what actually is LOCS:23 and why is it becoming essential for the legal sector?

What is LOCS:23?

The Legal Services Operational Privacy Certification Scheme (LOCS:23) is the legal sector’s first premier GDPR standard, designed to help law firms and barristers’ chambers fulfil their UK GDPR obligations while evidencing to clients that their data is properly and legally protected.

Successfully implementing LOCS:23 offers pivotal advantages, including shielding against ICO enforcement and fines, gaining a competitive advantage to win more work, reducing data breaches and associated costs, ensuring universally recognised compliance, and simplifying procurement processes while bolstering chances in tenders.

Much like Cyber Essentials – the government-backed accreditation scheme to help organisations protect themselves against online security threats – it is likely that public bodies will soon require compliance with the LOCS:23 standard as a precondition for tendering work.

GDPR compliance in the supply chain is paramount in today’s world, so many businesses in the private sector, notably financial institutions, are likely to follow suit.

It is also likely to become a pre-requisite for law firms’ and chambers’ own supply chains, given that the standard applies to any business that handles client data – such as document shredders.

What role do Briefed play in LOCS:23?

Briefed have been authorised to implement LOCS:23 into the legal sector. Our Founder and CEO, Orlagh Kelly, believes the existence of LOCS:23 means that all those working in and supplying the legal profession now know the standard of GDPR compliance they are required to meet.

“[The new certification is] not asking you to do any more than you already should be doing.

“Rather, it creates a framework to make sure you have every base covered.”

Briefed is among the first specialist businesses approved to help law firms and chambers achieve LOCS:23 certification. Uniquely, as a supplier to the legal services world, we have undertaken the certification process ourselves, giving us a true understanding of not only what it takes for a business to achieve and maintain this new standard, but how effective the standard itself is.

We follow a bespoke, direct process when helping legal organisations prepare for the LOCS:23 certification process, offering a blend of consultations, document reviews and action planning to ensure you are up to the required compliance standards.

The legal profession has been in need of a robust security measure, after repeatedly encountering issues with the ICO over the years. Most recently in March 2022, leading criminal law firm, Tuckers, was fined £98,000 after a ransomware attack exploited its “negligent security practices”, acting as proof that lawyers are not given any kind of special treatment.

“The standard will not stop hackers targeting lawyers,” stated Mrs Kelly.

“But complying with [LOCS:23] will ensure they are better protected and more able to manage a data breach. It will also be a major mitigating factor in the event of a breach and an ICO investigation.”

“The reality is that people are still the biggest risk but with proper training, they become the first line of defence and that is a key part of the requirements.”

After becoming LOCS:23 compliant, the certification will last for three years, with a recertification process required at the end of this term. However, in an attempt to ensure that law firms and chambers maintain the expected level of compliance, evidence of proper training and auditing processes must be produced annually.

To find out if you can get GDPR certified to the LOCS:23 standard, you can find more information on our website here.

Alternatively, if you have any questions, please do not hesitate to contact us via email at hello@getbriefed.com or call us on 028 9621 6345.


Associate News is provided by Legal Futures Associates.