Exclusive Approved Privacy Management Software for LOCS:23

The UK Information Commissioner’s Office officially announced its approval of LOCS:23 as a UK GDPR certification and we’re delighted that Keepabl has been chosen by the Scheme Owner, 2twenty4 Consulting, as the Exclusive Approved Privacy Management Software for this groundbreaking new standard.

As Tim Hyman, CEO of 2twenty4, confirms:

Launching a new UK GDPR standard is a huge undertaking so we’ve been very careful in choosing approved providers. It’s crucial that those seeking certification against – or even simply alignment with – LOCS:23 can be confident in their choice of provider. I’m delighted that Keepabl is not only an approved solution, but our Exclusive Approved Privacy Management Software as we launch this exciting new, ICO-approved, UK GDPR standard for law firms and their processors. 

‘Approved Solutions will have been verified by the LOCS:23 Scheme Owners as demonstrating the following:

1. Must have proven knowledge of LOCS:23 standard.
2. Must assist with meeting one or more of the LOCS:23 standard requirements.
3. Must demonstrate UK GDPR compliance.’

As you can see in our LOCS:23 crosswalk, Keepabl’s Privacy Management Software helps you fulfil a huge percentage of the standard and our Privacy Policy Pack supports you in many more. Together, Keepabl is your provider of choice to implement a Privacy Management System that is compliant with LOCS:23.

LOCS:23

LOCS stands for Legal Services Operational Privacy Certification Scheme, and it’s a certification for UK GDPR approved by the UK ICO under Article 42 of UK GDPR. It’s based around the LOCS:23 standard – you can read more about it in our explainer blog.

• The LOCS:23 Standard is a set of controls that are required to be in place to achieve LOCS:23 Certification. As the only UK GDPR certification for Legal Service Providers and their processors approved by the ICO, being certified to LOCS:23 demonstrates your protecting client data in accordance with UK GDPR.
• The LOCS:23 Standard’s controls are mapped to the UK GDPR requirements relating to the processing of personal data in client files, to enable certified organisations to demonstrate compliance with UK data protection law.
• Legal Service Providers, such as loaw firms and barristers, and their suppliers, vendors, solution providers that have demonstrated compliance with the LOCS:23 standard and are certified by a UKAS-approved certification body, are entitled to use the LOCS:23 logo on their promotional material.

The UK ICO maintains a register of all UK GDPR certification schemes and data protection seals and marks.

Article 42 certification

As set out in Art 42 of UK GDPR, certification is to demonstrate compliance with UK GDPR:

The Commissioner shall encourage the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors. The specific needs of micro, small and medium-sized enterprises shall be taken into account.

Why achieve certification to LOCS:23?

As the UK ICO itself states:

‘Certification is a way of demonstrating that your processing of personal data complies with the UK GDPR requirements, in line with the accountability principle. Certification can help demonstrate data protection in a practical way to businesses, individuals and regulators. Your customers can use certification as a means to quickly assess the level of data protection of your particular product, process or service, which provides transparency both for data subjects and in business to business relationships.

The UK GDPR says that certification is also a means to:

• demonstrate compliance with the provisions on data protection by design and by default (Article 25(3));
• demonstrate that you have appropriate technical and organisational measures to ensure data security (Article 32(3)); and
• to support transfers of personal data to third countries or international organisations (Article 46(2)(f)).’

So if you achieve certification against LOCS:23, you’re demonstrating compliance with UK GDPR in your processing of client data, invaluable in winning trust and business, and building long-lasting relationships.

Who can be certified under LOCS:23?

LOCS:23 is a certification scheme for ‘Legal Service Providers, and their supplier / Vendors / Solution providers‘.

• Providers such as law firms and barristers can demonstrate to their clients that they can be trusted to process client data under a Privacy Management System that is compliant with UK GDPR.
• And processors of client data for those legal service providers, such as vendors of deal rooms, case management systems and document management systems, can demonstrate to law firms that they’ve a Privacy Management System in place to process the firm’s client data in accordance with UK GDPR.

As Emily Keaney, ICO Deputy Commissioner, said:

Legal service providers such as law firms and barristers’ chambers process large amounts of sensitive personal data. Signing up to this certification scheme will provide them with certainty that they are adhering to data protection standards and reduce time and resource spent assessing third party data processors.

It will also reassure their clients they are committed to looking after their personal details and have strong information security in place.

 

Keepabl accelerates your compliance

As the Exclusive Approved Privacy Management Software (we may have mentioned that before), you can be confident when you use Keepabl that you’ve chosen software that will not only automate your Privacy compliance but support you across the majority of LOCS:23. Our intuitive SaaS solution is ‘LOCS:23 out the box’ and helps you in so many ways:

• rapidly move your RoPA online and easily maintain it, with instant tactical gap analysis to make maintaining your RoPA in accordance with UK GDPR and LOCS:23 a breeze,
• super simple strategic benchmarking with our own BenchMark or our integration of the official ICO’s Accountability Framework,
• easy intake and management of data subject rights in our Rights management solution with unlimited, customisable Forms, instant alerts and Rights Log,
• equally easily manage Risk and intake and manage security and personal data breaches in our Breach management solution, also with as many tailored Forms as you want to intake Breaches, instant Breach Log and more,
• manage entities from joint controllers to sub-processors in your Data Map with instant due diligence analysis, agreement management, and role analysis so you know who is in your RoPA and what they’re doing there,
• make sure you keep on top of your compliance program with personal Tasks dashboards, hanging tasks on Activities, Rights and Breaches,
• all in a solution with B2B SaaS Security from least privilege access to 2FA, SSO, Audit Logs and available in 5 languages: English, French, German, Italian and Spanish.

Alongside our award-winning software, our Privacy Policy Pack ensures you have a leading suite of Privacy policies and procedures.

Let’s get you started today!

Request a Keepabl demo today and let’s get you on your way to LOCS:23 compliance!