
LOCS:23 (EU) - making GDPR compliance measurable, auditable and certifiable
LOCS:23 (EU) STANDARD
The LOCS:23 (EU) Standard uses a set of controls that have been approved by the ICO for certification in the UK and correspond directly to the GDPR in the EU.
The only certification standard for Legal Services approved by the ICO, LOCS:23 reflects best practice for protecting Client personal data whilst meeting UK GDPR requirements.
Although UK GDPR and EU GDPR are virtually identical, ICO Art. 42 Certification Schemes are not automatically recognised by EU Supervisory Authorities. We are in discussions with an EU regulator to obtain approval under Art. 42 of the EU GDPR. As this is a lengthy process, we have made the EU version available for use either simply as a reference or as a non-official self-certification.
DOWNLOAD
Step 1 - Download the LOCS:23 (EU) Standard free of charge
ASSESS
Step 2 - Carry out a gap analysis of existing policies/processes and assess readiness for certification
SUBMIT
Step 3 - When ready, apply for certification. You will be sent an audit questionnaire to complete and return.
CERTIFY
Step 4 - Our LOCS:23 (EU) audit team will review your submission. If the team confirms that it meets the required standard, you will receive a certificate of approval.

The LOCS:23 (EU) standard has 34 controls divided into 5 core areas:
1 ORGANISATIONAL AND CLIENT FILE GOVERNANCE
2 CLIENT RIGHTS
3 OPERATIONAL PRIVACY
4 THIRD-PARTY SERVICE PROVIDERS AND DATA SHARING
5 MONITOR AND REVIEW
The primary processing activity within the scope of this standard is:
Processing of Personal Data in the Client File.
Legal Service Providers that process Client data are likely to include in that Processing the Personal Data of the Client.
The LOCS:23 (EU) standard is applicable to any provider of Legal Services that wishes to be LOCS:23 (EU) certified and is able to demonstrate its application of Data Protection best practice.
Both Data Controller (law firm) and Data Processor (solution provider) certifications are available.
The LOCS:23 (EU) standard controls are mapped to the GDPR requirements relating to the processing in scope to enable certified organisations to demonstrate compliance with data protection law.
Legal Service Providers, and their suppliers/vendors/solution providers, that have demonstrated compliance with the LOCS:23 (EU) standard are entitled to use the LOCS:23 (EU) logo on their promotional material.
Should this be approved by an EU Supervisory Authority, official certification with an official EDPB seal will be available.

