top of page
Writing an application

LOCS:23 STANDARD

Why not certify as a LOCS Practitioner
Original on Transparent.png

The LOCS:23 Standard is a set of controls that are required to be in place to achieve LOCS:23 Certification.

The only certification standard for Legal Services approved by the ICO, LOCS:23 reflects best practice for protecting Client personal data whilst meeting UK GDPR requirements.

​

For the first time, compliance is measurable and auditable.​

LOCS23.jpg

The LOCS:23 standard has 34 controls divided into 5 core areas:

​

1 ORGANISATIONAL AND CLIENT FILE GOVERNANCE

​

2 CLIENT RIGHTS

​

3 OPERATIONAL PRIVACY

​

4 THIRD-PARTY SERVICE PROVIDERS AND DATA SHARING

​

5 MONITOR AND REVIEW

The primary processing activity within the scope of this standard is:

 

Processing of Personal Data in the Client File.

 

Legal Service Providers that process Client data are likely to include in that Processing the Personal Data of the Client.

 

Client data including any Personal Data will be kept as a single electronic record of the Client engagement known as the ‘Client File’. As a consequence, Legal Service Providers must meet UK GDPR requirements particularly in protecting the data and honouring the Client’s rights as a Data Subject. In addition, there are a number of sub-processes that are necessary to maintain the file as listed below in ‘Processing Activities in Scope’.

 

The LOCS:23 standard is applicable to any provider of Legal Services who wish to be LOCS:23 certified and is able to demonstrate their application of Data Protection best practice.

 

The LOCS:23 standard controls are mapped to the UK GDPR requirements relating to the processing in scope to enable certified organisations to demonstrate compliance with UK data protection law.

​

Legal Service Providers, and their supplier/Vendors/Solution providers that have demonstrated compliance with the LOCS:23 standard are entitled to use the LOCS:23 logo on their promotional material once certified by a UKAS approved certification body.

 

Ensuring protection of Client data when shared, Legal Service Providers may use Data Processors and/or Sub-Processors in their supply chain to assist with or provide Processing services.

 

Legal Service Providers may also share Client data with other Legal Service Providers or Data Controllers. To ensure complete protection across the Legal Service supply chain, these should be included within scope where applicable.

​

​

The LOCS:23 STANDARD IS AVAILABLE FREE OF CHARGE FROM THE ICO WEBSITE HERE

Have any questions or comments regarding the LOCS Standard?

bottom of page