LOCS:23 Certification

What is LOCS:23?

The Legal Services Operational Privacy Certification Scheme (LOCS:23) is the first sector-wide GDPR certification standard - approved by the Information Commissioner’s Office (ICO), for legal service providers and their solution partners.

It has been specifically developed to assist and support law firms and barristers’ chambers to meet their UK GDPR obligations, and evidence to clients that their data is properly and legally protected.

Who can achieve LOCS:23?

As it is a certification designed for the legal sector, any legal services business or or organisation which supplies to the legal sector can achieve LOCS:23 Certification, including:

  • Law firms
  • Barristers’ chambers
  • In-house legal teams
  • Legal software providers
  • Other legal solution providers

Our Successful Journey with LOCS:23

Briefed is the only legal services supplier that has achieved LOCS:23

Uniquely, as a supplier to the legal services world, we have undertaken the certification process ourselves, giving us a true understanding of not only what it takes for a business to achieve and maintain this new standard but how effective the standard is.

We supported the first UK Chambers in achieving LOCS:23 Certification

Briefed has supported 30 Park Place, the first UK chambers to achieve the standard, through its entire LOCS:23 journey. As their compliance partner for LOCS:23 and GDPR training, we assisted them in getting certification-ready. We were delighted when they were recently awarded the certification after an extensive audit conducted by ADISA.

Reduce ICO Fines

By achieving LOCS:23, you can mitigate against ICO enforcement action and reduce or prevent fines.

Win More Work & Public Tenders

Secure a competitive advantage, win more work and simplify your procurement and due dillgence process.

Easily Evidence Compliance

By meeting the LOCS:23 requirements, you will achieve a clear level of compliance that is universally recognised.

Mitigate Data Breaches

By enforcing certain LOCS:23 processes, you can reduce data breaches and consequent reputational damage and financial costs.

Key Benefits for Your Business

The LOCS:23 standard is key as it allows businesses to demonstrate their compliance using a tangible, quantifiable and auditable framework. By implementing this standard, businesses can protect themselves from fines, win more work, reduce data breaches, and show that they comply with industry standards.

Similar to how Cyber Essentials safeguards against online threats, LOCS:23 could soon become a prerequisite for businesses seeking to collaborate with public government bodies. With GDPR compliance a pressing issue in today's supply chain, numerous businesses, particularly financial institutions, are likely to embrace the LOCS:23 Standard to ensure the secure handling of client data.

Briefed as Your LOCS:23 Partner

Briefed is an accredited LOCS:23 Qualified Consultancy, and all of our in-house barristers are LOCS:23 Approved Implementors with experience helping clients successfully prepare for and pass LOCS:23 audits.

The LOCS:23 standard is lengthy and detailed, with 55 separately required controls spanning 85 pages. Our experienced barristers are best placed to help you understand exactly how to meet the requirements and the evidence you need to pass the independent audit process.

Our LOCS:23 GDPR training modules are currently the only UK training recognised as meeting the LOCS:23 training requirements by the official LOCS:23 scheme, and as such guarantee that your internal data protection training will meet audit requirements. This training was used to assist the first UK chambers, 30 Park Place, in achieving the LOCS:23 certification, alongside our guidance as their appointed implementors.

Our Barrister Implementation Team

Our team has a wealth of experience advising the legal sector on data protection working closely with Bar Councils, Law Societies and other legal regulators for the past 10 years. Our team will assist you in assessing your current compliance levels against the LOCS:23 standard, discussing your internal processes and practices, confirming cyber measures, and providing an action plan to fill in any gaps missing in your compliance.

Using our online booking system, you can book a free 30-minute eligibility call, and we will answer all your LOCS:23 questions.

Three Simple Stages to LOCS:23 Certification

Navigating the complex requirements of LOCS:23 compliance, which spans an extensive 85-page document, might seem daunting. By enlisting the expertise of us as your consultants, we will able to simplify the process into manageable steps. Our team of experienced barristers is readily available to provide guidance and support, addressing any concerns or enquiries that may arise during this regulatory journey.

Stage 1 - Free Consultation

We explain LOCS:23 processes and assess your eligibility. Once we agree on timelines, we review all documentation, discuss cyber security measures, and explore current GDPR processes and practices.

Stage 2 - Action Plan

We then provide you with an action plan summarising recommendations, implement missing measures and re-audit. Once completed, we will approve your organisation with 'Certification Ready' status.

Stage 3 - Success & Marketing

You can then apply for full certification. We will assist you through all mandatory reviews, support you during the UKAS Audit, collaborate on marketing, and help you leverage LOCS:23 for a competitive advantage.

Briefed support 30 Park Place in becoming the first UK chambers to achieve LOCS:23


"The decision to use Briefed to help navigate LOCS:23 was easy. 

Their training is approved by the LOCS:23 scheme, they have an in-depth knowledge of the standard and they have undergone the audit process themselves. 

As a result, they have been able to move us through the audit process quickly and efficiently, which was key for us."

Kayleigh Jefferies | Lead Civil & Public Law Clerk

30 Park Place


Our GDPR Training: LOCS:23 Approved

Each year, many organisations face investigations, significant fines and even criminal proceedings for sometimes simple errors that could have been prevented if staff had received the proper training. Even when data breaches are accidental, the effect this has on your professional reputation can be catastrophic for organisations.

Developed by barristers, Briefed offers high-quality, interactive and engaging online GDPR training for law firms, barristers’ chambers and businesses which fully meet the LOCS:23 certification requirements. Our sector-specific training highlights the unique working environments of different professions through real-life examples. We offer various levels of GDPR & Cyber training tailored to different organisational roles to ensure you meet the necessary regulations for everyone in your organisation.

  • GDPR Framework: An end-to-end solution for business owners or self-employed individuals.
  • GDPR Certification: For senior management, directors & HR departments who handle personal data daily.
  • GDPR Essentials: For the majority of staff processing data in daily roles.
  • GDPR Basics: For non-office-based staff who don't typically process data.
Your Story Business Free Masterclass Minimalist Pink
LOCS:23 Content Library

Frequently Asked Questions

What is LOCS:23?
How long does the LOCS:23 Certification last for?
What is an Approved Implementor?
How long can the LOCS:23 process take?
Who are the official LOCS:23 Certifying Body?
What are the benefits of achieving LOCS:23?
Who is eligible certify for LOCS:23?
Who are the key stakeholders who will be involved?
Technical Questions
What technical areas does LOCS:23 certification cover?
Cyber Essentials
If I have Cyber Essentials, do I need LOCS:23?
Can we use our Cyber Essentials certification as evidence?