A pilot scheme launched to provide law firms with a better understanding of General Data Protection Regulations (GDPR) and demonstrate compliance with its obligations has seen the first firms certified. The Legal Services Operational Privacy Certification Scheme (LOCS:23) is the first sector-wide GDPR certification standard for legal service providers and their solution partners.
The standard has been approved by the Information Commissioner’s Office (ICO) to assist and support law firms and barristers’ chambers to meet their UK GDPR obligations, and evidence to clients that their data is properly and legally protected. Until the existence of the LOCS:23 Standard, all levels of compliance with GDPR have been a matter of opinion from Data Protection Officers (DPOs) or someone in a similar role within organisations, says Tim Hyman, LOCS:23 scheme owner, adding the new GDPR standard should be a given for all within the legal sector;
“Nothing has changed. The UK GDPR has been here since 2018. The law says you have to do this. Why wouldn’t you [use the LOCS:23 standard], now you know that there is an ICO-approved standard that you can measure yourself against and be audited against.”
Cardiff-based 30 Park Place were the first to achieve accreditation, supported by eLearning consultancy Briefed, who are also accredited. Head of Chambers of 30 Park Place, Catrin John said:
“We are incredibly proud that a barristers’ chambers in Wales has set the compliance precedent and inspiration for other legal service providers. In today’s digital landscape, where data breaches and privacy concerns abound, robust data protection practices are non-negotiable – for our clients, employees, barristers and for those working in and with the justice system in England and Wales. LOCS:23 certification not only demonstrates compliance, but also instils confidence in our clients, making it a valuable asset for our organisation.”
Commenting on his experience with the new certification, Briefed Barrister and Approved LOCS:23 Implementer, Ben Murphy said
“At first glance, the standard is certainly daunting. Clocking in at over 80 pages of requirements, the scope of the standard can be a lot to wrap your head around. But it is important to remember that the standard isn’t a significant departure from the current best practice within the legal sector – rather, it codifies in a single, comprehensive certification. The key consideration for law firms and chambers will be evidencing every aspect of their compliance. It’s not enough to simply implement a policy and never look at it again; you must show a process of continual review and updates.”
Former barrister-turned-Briefed CEO, Orlagh Kelly, believes the creation of the LOCS:23 certification puts the legal sector in prime position when it comes to GDPR compliance. She said:
“[LOCS:23] is a real bonus for law firms and barristers’ chambers because they know what GDPR compliance is. The ICO will take this certification into consideration in the event that they have a data breach. It is moving away from a grey area and it is very definitive. I think the legal sector have been the winners in this, to be the first profession to have a certification available to them.”
Now that the pilot has been completed, the application window for organisations interested in taking on the LOCS:23 accreditation is now open.
2 responses
ADISA is the certification body for this new certification: LOCS:23.
We’re currently working with UKAS on adding LOCS to our accreditation which includes an existing GDPR Certification Scheme, so we’re well versed in this process.
To find out more we’re running a free webinar on June 17th.
To register please go here: https://events.ringcentral.com/events/becoming-locs-23-certified-webinar-hosted-by-adisa-s-steve-mellings-60c76e28-56ac-4d2a-a55f-5161ca873520
To find out about the GDPR Certification scheme for the industry which recycles your old IT, come and listen to Sarah Carr who is presenting at a conference in October, https://adisa.global/adisaconference2024/
hashtag#GDPRcompliance hashtag#certification hashtag#ADISA
I am so sorry that we missed this, can you confirm if you will be running it again?