Why is LOCS:23 Critical for Chambers and Law Firms? 

Since the introduction of GDPR in 2018, organisations have faced a constant battle to fully comply with their data protection obligations without clear guidance as to what compliance looks like.  

Given that the legal sector processes large volumes of highly sensitive and confidential personal data, compliance with data protection laws is paramount for the industry.

Yet, for law firms and chambers, compliance has often been given a low priority or perceived as complex and ambiguous.

Why is data protection such a problem for the legal sector? 

The legal sector has become known for its struggles with data protection, for several reasons:

  1. Due to the high volume of sensitive personal data they manage, legal organisations are frequently targeted by cyberattacks and consistently appear among the top 3 sectors ranked for experiencing data breaches.  
  2. Data protection laws can often be ambiguous, and it's not always clear what a firm’s obligations are. This frequently leads to disagreements within organisations and can make it difficult to measure the firm’s compliance.
  3. Carrying out extensive due diligence on data protection practices is resource-intensive and costly. Often, however, a lack of robust due diligence means key weaknesses are unaddressed and become significant risks to clients.
  4. Human error is an ever-present problem faced by any organisation, not just the legal industry. Yet the potential consequences are far greater for law firms - all it takes is one lapse of judgment or missent email to cause a breach with serious ramifications for clients.   

With the launch of LOCS:23, law firms and chambers finally have a clear, industry-specific certification that makes GDPR compliance both measurable and manageable.  

But what exactly is it, and why is it becoming essential for legal organisations and their suppliers? 

What is LOCS:23? 

The Legal Services Operational Privacy Certification Scheme (LOCS:23) is the first sector-specific UK GDPR certification standard designed for legal service providers and their solution partners.  

Approved by the Information Commissioner’s Office (ICO), the certification has been developed to assist law firms and barristers’ chambers in meeting their GDPR obligations, and to give clients confidence their data is fully protected. 

More and more organisations are becoming aware of the importance of protecting personal data and want to avoid enforcement action from the ICO. As a result, implementing LOCS:23 is becoming increasingly necessary.

How can LOCS:23 improve your GDPR compliance? 

By becoming certified, firms and chambers will see immediate benefits, including: 

  • Assurance to clients and suppliers that their data is protected at the highest level.
  • A commercial advantage over competitors and the ability to win more business.
  • Certification will be taken as a mitigating factor by the ICO in the event of a data breach, avoiding fines and serious enforcement action.
  • Overall improved data management and operational efficiency. 

How can Briefed support you in achieving certification? 

Briefed offers expert guidance from a team of experienced barristers dedicated to helping legal businesses and suppliers achieve and maintain this crucial standard.  

As a team of LOCS:23 specialists, we have a proven track record of success, assisting the first chambers in the UK – 30 Park Place – to achieve certification and guiding other clients like 36 Group and Muckle to a successful LOCS:23 certification.  

What sets us apart?  

We’ve been through the process ourselves, successfully achieving LOCS:23 certification as a legal services supplier. This firsthand experience gives us unmatched insight into the requirements, challenges, and best practices needed for success. 

When you partner with us, you’re not just getting guidance—you’re getting a team of barristers who know exactly what it takes to get certified. Our goal is to make the process as smooth and efficient as possible, helping you achieve certification in as little as 8–10 weeks while ensuring long-term compliance.
