First firms certified with GDPR compliance standard

A pilot scheme launched to provide law firms with a better understanding of General Data Protection Regulations (GDPR) and demonstrate compliance with its obligations has seen the first firms certified. The Legal Services Operational Privacy Certification Scheme (LOCS:23) is the first sector-wide GDPR certification standard for legal service providers and their solution partners.

The standard has been approved by the Information Commissioner’s Office (ICO) to assist and support law firms and barristers’ chambers to meet their UK GDPR obligations, and evidence to clients that their data is properly and legally protected. Until the existence of the LOCS:23 Standard, all levels of compliance with GDPR have been a matter of opinion from Data Protection Officers (DPOs) or someone in a similar role within organisations, says Tim Hyman, LOCS:23 scheme owner, adding the new GDPR standard should be a given for all within the legal sector;

“Nothing has changed. The UK GDPR has been here since 2018. The law says you have to do this. Why wouldn’t you [use the LOCS:23 standard], now you know that there is an ICO-approved standard that you can measure yourself against and be audited against.”

Cardiff-based 30 Park Place were the first to achieve accreditation, supported by eLearning consultancy Briefed, who are also accredited. Head of Chambers of 30 Park Place, Catrin John said:

“We are incredibly proud that a barristers’ chambers in Wales has set the compliance precedent and inspiration for other legal service providers. In today’s digital landscape, where data breaches and privacy concerns abound, robust data protection practices are non-negotiable – for our clients, employees, barristers and for those working in and with the justice system in England and Wales. LOCS:23 certification not only demonstrates compliance, but also instils confidence in our clients, making it a valuable asset for our organisation.”

Commenting on his experience with the new certification, Briefed Barrister and Approved LOCS:23 Implementer, Ben Murphy said

“At first glance, the standard is certainly daunting. Clocking in at over 80 pages of requirements, the scope of the standard can be a lot to wrap your head around. But it is important to remember that the standard isn’t a significant departure from the current best practice within the legal sector – rather, it codifies in a single, comprehensive certification. The key consideration for law firms and chambers will be evidencing every aspect of their compliance. It’s not enough to simply implement a policy and never look at it again; you must show a process of continual review and updates.”

Former barrister-turned-Briefed CEO, Orlagh Kelly, believes the creation of the LOCS:23 certification puts the legal sector in prime position when it comes to GDPR compliance. She said:

“[LOCS:23] is a real bonus for law firms and barristers’ chambers because they know what GDPR compliance is. The ICO will take this certification into consideration in the event that they have a data breach. It is moving away from a grey area and it is very definitive. I think the legal sector have been the winners in this, to be the first profession to have a certification available to them.”

Now that the pilot has been completed, the application window for organisations interested in taking on the LOCS:23 accreditation is now open.

Read more stories

Join over 6,000 wills and probate practitioners – Check back daily for all the latest news, views, insights and best practice and sign up to our e-newsletter to receive our weekly round up every Friday morning. 

You’ll receive the latest updates, analysis, and best practice straight to your inbox.