First law firms certified under the new LOCS:23 GDPR compliance standard, ensuring robust data protection

13 Jun 2024News

A pilot scheme launched to provide law firms with a better understanding of General Data Protection Regulations (GDPR) and demonstrate compliance with its obligations has seen the first firms certified

Briefed and 30 Park Place have become the first legal supplier and barristers’ chambers to be officially certified for the new LOCS:23 standard after its pilot scheme concluded.

The Legal Services Operational Privacy Certification Scheme (LOCS:23) is the first sector-wide GDPR certification standard approved by the Information Commissioner’s Office (ICO) for legal service providers and their solution partners. It has been specifically developed to assist and support law firms and barristers’ chambers in meeting their UK GDPR obligations and to evidence to clients that their data is properly and legally protected.

What does LOCS:23 mean for the legal sector?

Until the existence of the LOCS:23 Standard, all levels of compliance with GDPR have been a matter of opinion from Data Protection Officers (DPOs) or someone in a similar role within organizations. Tim Hyman, the scheme owner of LOCS:23, believes that utilizing the new GDPR standard should be a given for all within the legal sector. He states that since the UK GDPR has been in place since 2018, firms should now leverage the ICO-approved standard to measure and audit themselves.

Conducting a pilot scheme allowed those involved to understand its requirements and make necessary adjustments before rolling it out industry-wide.

30 Park Place becomes the first certified UK chambers

30 Park Place achieved certification with the help of Briefed, who were soon after certified themselves. Catrin John, Head of Chambers at 30 Park Place, expressed pride in setting a compliance precedent and emphasised the importance of robust data protection practices in today’s digital landscape.

John highlighted that LOCS:23 certification not only demonstrates compliance but also instills confidence in clients, making it a valuable asset for their organisation.

New GDPR standards

Briefed Barrister and Approved LOCS:23 Implementor, Ben Murphy, noted that while the standard's comprehensive requirements might seem daunting initially, it largely codifies existing best practices in the legal sector. He emphasised the importance of continual review and updates to demonstrate compliance effectively.

Steve Mellings, Founder and CEO of the UKAS accredited certifying body ADISA, sees LOCS:23 as the way forward for the legal sector, despite its infancy. He commended Briefed for their innovation and well-deserved certification.

Former barrister-turned-Briefed CEO, Orlagh Kelly, believes the LOCS:23 certification offers significant advantages to the legal sector by providing a clear standard for GDPR compliance. She mentioned that the ICO will consider this certification in the event of a data breach, thus removing ambiguity and providing definitive guidance.

With the pilot scheme completed, the application window for organisations interested in the LOCS:23 certification is now open.

Legal News desk contact: editorial@solicitorsjournal.com

Latest Articles

Can artificial intelligence be trusted for legal research? Lessons from Ayinde

James Tumbridge, a Partner at Keystone Law, looks at the decision in Ayinde, R (On the Application Of) v London Borough of Haringey [2025] EWHC 1383 (Admin) (6 June 2025) concerning the duties that lawyers owe to the court and the actual or suspected use of artificial intelligence by lawyers to generate legal documents or arguments without adequate checking of the outputs