RPost Named an Approved Solution within the Information Commissioner’s Office (ICO) Newly approved UK GDPR Certification Standard LOCS:23
February 13, 2024 - London, England
RPost announces that its cybersecurity and privacy infused email, document rights management, secure file sharing, and eSignature services are among the first approved solutions to support legal services organisations looking to achieve UK GDPR privacy accreditation according to the LOCS:23 ICO approved standard.
The Legal Services Operational Privacy Certification Scheme (LOCS:23) is a newly approved standard accredited by the UK Information Commissioner’s Office (ICO). It has been published to provide a guideline for companies to achieve certification with an independent nationally recognized UK Accreditation Service (UKAS) approved Certification Body, the certification affirming that the certified company is using best practice technologies and methods to assure GDPR privacy compliance. The certification scheme targets legal service providers who typically process significant amounts of client personal data, as it assists them in choosing privacy-centric and regulatory-aware technology suppliers, and further, demonstrates to the regulators investment and care in managing personal data. For clients of legal service providers, working with a provider that is certified with LOCS:23 or uses LOCS:23 approved solutions provides greater assurance of data privacy and protection and mitigates privacy risks.
“Security, privacy, and compliance are in our RPost DNA. We’re pleased to have been recognized as the first secure communications provider to be named an approved solution for legal services companies to use to enhance their LOCS:23 certification and their GDPR privacy compliance,” states RPost CEO Zafar Khan. “We’ve invested in infusing security-centric technologies and privacy-centric content management features into all our products; we look forward to being there for clients looking to add these RPost compliance and privacy layers to their technology stack.”
Over the years, legal service providers have faced challenges in ensuring that the trust relationship they build with their clients is not let down by the technology services they subscribe to. Using LOCS:23 approved solutions signals to clients of legal service providers that the organisation is ‘compliant’ with current data protection legislation and has implemented best practices to mitigate risks of inadvertent leaks or damaging breaches.
“We’ve known legal services providers have entrusted RPost for years, to transmit firm and client sensitive data in the most secure and compliant manner, all-the-while keeping user experiences for senders and receivers simple,” states Tim Hyman, CEO of 2twenty4 Consulting and LOCS:23 originator. “And, with RPost infusing its security, privacy compliance and authentication technologies across its portfolio of Registered Email™ proof, RMail® security, RDocs™ controls, and RSign® eSignature platforms, with one provider --- RPost --- companies can achieve many of the LOCS:23 requirements, including secure responses to SARs and significantly minimizing reportable data breaches due to a true recall and delete function. We’re pleased to have named RPost one of our first LOCS:23 approved solutions and privacy enhancing technology.”
An easy target for GDPR enforcement is watching how organisations protect the privacy of information transmitted to external parties. Among the key GDPR requirements that RPost technologies help companies achieve --- in particular RPost’s Registered Encryption™ services --- is GDPR Article 5 Clause 1(f) and 2, and Article 32 Clause 1(a) and 1(d) which focus on the requirement to protect personal data during transmission with the ability to demonstrate fact of protection of personal data.
“There are many ways to encrypt email, nearly all of which make it more complicated for the intended receiver to review the message. Therefore, a tendency for senders, unless there is consequence, is to not use email encryption systems that are in place and available for use. The fact of an email encryption system being available for use is not fact of use. ‘Fact of Use’, we believe, will be a key criterion in regulatory audits, and in any case, a basis to protect organizations from accusations of a data privacy or GDPR compliance breach,” stated Nick Hawke, Chief Executive Officer, Association of Professional Compliance Consultants in the Foreword from the Technology Guide to Meet GDPR Compliance for Data Privacy for Email.
The following five evaluation categories (protection, utility, audit-ready compliance proof, empowering, and measurement) are important elements of an email encryption technology or service considering the requirements in GDPR for protecting personal data; in particular Article 5 for security, confidentiality, and accountability, and Article 32 for encrypting and assessing the effectiveness of technical measures to ensure securing.
Considering these requirements, the combination of RMail Registered Encryption™ and other RPost services provide not only GDPR compliant privacy, but also GDPR audit-ready proof of privacy compliance on a message-by-message basis.
Contact RPost to learn more.
October 03, 2024
September 27, 2024
August 02, 2024
July 18, 2024
July 17, 2024