Developed by the Scheme Owner – 2Twenty4 Consulting – LOCS:23 is a standard that focuses on client file data routinely processed in the legal sector. The objective is to build assurance among all parties and the data subject that personal data held within the client file is processed in accordance with the UK General Data Protection Regulation (UK GDPR).

The criteria received ICO approval in February 2024 and meets Article 42 of the UK GDPR as an approved certification.

Show that you comply with GDPR - as confirmed by the regulators. This standard has been formally approved by the Information Commissioner’s Office (ICO) as a UK GDPR Certification Scheme. The standard implements a recognized, measurable, and auditable data protection standard across your organisation, allowing you to meet stringent data protection requirements, boosting client confidence by showcasing your certification in safeguarding personal data.

Within LOCS:23 there is a requirement for all applicants to have performed an internal audit against the requirement of LOCS:23. We will ask for a copy of this during the audit process.

Ready to apply?

Have you assessed your GDPR compliance and familiarised yourself with key concepts like records of processing activities, data protection impact assessments, data subject rights, and lawful data processing?

Are you aware of your data flows, sources, storage systems, and sharing entities?

Have you evaluated your information security needs, including encryption, network security, and breach protocols?

Do you maintain a central list of policies with authors, sign-offs, and review periods?

What's next?

Please complete the enquiry form on our website. If you need assistance, email LOCS23@adisa.global to arrange a call with one of our team members.

Upon receiving your application, ADISA will send you a certification agreement and a non-disclosure agreement (NDA). As the disclosing party, you can either have ADISA sign your NDA or use our standard NDA.

Next, you’ll receive an invoice for the first year’s fees, which must be paid before proceeding to Stage 1. ADISA will notify the ICO of your application, and the ICO will review and approve it within five days, provided your business is not under investigation.

Once approved, you’ll receive a welcome pack with a Scheme Manual, templates, and additional guidance and videos.

Data Controllers: Law firms, Barristers and In-house Councils

Data Processors: Software Providers (document management), Solution providers (translation services) and Consultants (implementers)