top of page
Office Building

Try one of our LOCS:23 experts or consultancies

What is certification?

Art 42 of the UK GDPR provides for the creation of official certification schemes that will be recognised by the local Supervisory Authority (in this case the Information Commissioner's Office).

ICO certification requirements include:

  1. UK GDPR - The standard must meet all UK GDPR requirements.

  2. SCOPE - The standard must have a defined scope that relates to a specific processing activity.

  3. PRACTICAL - formulated in such a way that they are clear and allow practical application.

  4. AUDITABLE - objectives must be specified along with how they can be achieved so as to demonstrate compliance.

  5. RELEVANT - to the target audience.

  6. INTEROPERABLE - with other standards such as ISO 27001.

  7. SCALABLE - for use by different sized organisations.

Further ICO guidance on the benefits of certification can be found here.


LOCS:23 has been approved by the ICO as the official certification for Legal Service Providers.


LOCS is an acronym for:

Legal Services Operational Privacy Certification Scheme

LOCS:23 Scope

The primary processing activities within the scope of this standard are:

  • Processing of Personal Data in the Client File

  • Ensuring protection of Client data when shared

 (the full scope can be seen in the LOCS:23 Standard).

Business Conference

Hear from the Certification Body

Who  Should certify?

Will you support GDPR compliance in your firm?

Why not become a Certified LOCS Practitioner (CLP)

Original on Transparent_edited_edited_edited.png

Prior to full certification, an organisation can promote the fact it is ready by becoming LOCS:23 Approved.


Only Approved Implementors or Qualified Consultancies can award LOCS:23 Approved status based on a successful audit.

LOCS2 Approved.png
bottom of page