What is LOCS:23?
LOCS:23 - the GDPR compliance standard in the legal profession.
The Legal Services Operational Privacy Certification Scheme (LOCS:23) is the ICO-approved official GDPR certification scheme for law firms and legal departments. Designed in collaboration with legal and data protection professionals, it helps legal service providers demonstrate compliance with UK data protection law when processing clients’ personal data.
LOCS:23 certification proves that you have all the required policies, processes and training in place.
Why should you become certified?
LOCS:23 applies to legal service providers (controllers and processors), including law firms, solicitors, in-house lawyers and legal departments.
Its scope extends to barristers and chambers, and other legal services providers for their processing of personal data in the provision of legal services.
Above all, certification will help to promote client confidence by demonstrating that your processes are approved and certified to protect their personal data. Therefore, obtaining the officially recognised certification offers a competitive advantage. Procurement processes are simplified through the recognition of LOCS:23 certified vendors, and effectively bypassing data protection questionnaires.
Internally, applying a recognised, measurable and auditable data protection standard across the organisation also helps ensure compliance and consistency, while complementing the InfoSec standard ISO 27001.
Benefits of certification
ICO APPROVED: It is the only ICO-approved GDPR Certification Scheme for legal services (Art. 24)
MITIGATE PENALTIES: Certification reduces or removes any ICO-issued enforcement (Art. 83)
CLIENT CONFIDENCE: Demonstrate to your clients that their data will be protected to the highest standard
UK GDPR COMPLIANT: The knowledge of meeting an official compliance standard
How to achieve certification
We will take you through these steps on your journey to certification:
- Gap Analysis against the LOCS:23 standard
- Work to remediate identified gaps
- Work to gather evidence of compliance
- An official audit
- Oyster IMS can then award ‘Approved’ status
- Refer to the certification body (ADISA) for final certification
Oyster IMS can support your organization through every step of this process.
Why choose Oyster IMS?
Oyster IMS, is a LOCS:23 Registered Consultancy, qualified in implementing the LOCS:23 standard, and with proven expertise in data protection legislation. We have several Approved Implementors, who provide consultancy support and implementation services to organisations wanting to comply with the LOCS:23 standard and prepare for officially recognised certification.
Commenting on Oyster IMS, Tim Hyman, Scheme Owner of LOCS:23, said,
We are keen to maintain the integrity of the LOCS standard and it’s very encouraging to have Oyster IMS on board as qualified consultants. As the world’s first Supervisory Authority approved GDPR certification for legal services, LOCS:23 will be the official benchmark to measure and ensure GDPR compliance. I have known Josef Elliott and the team for many years and they have the expertise, experience, and capabilities to support their clients through certification and beyond.
