Adhere to UM-DPCSR
From 1 April 2022, ECPC will start accepting submissions from organisations that would like to adhere to the UM-DPCSR Framework. In the meantime, enquiries and manifestations of interest can be sent to paolo.balboni[at]maastrichtuniversity[dot]nl.
ECPC has adopted a “listing” approach for adherence to the Framework wherein organisations are listed in a public database - the UM-DPCSR Registry - under three different statuses:
- Applicant status;
- In-Progress status; and
- Implemented status.
In 2023, third-party verification by accredited auditors will also be provided.
Upon completion of the submission - which may be subject to a yearly contribution to be listed in the UM-DPCSR Registry - organisations will also receive:
- access to the UM-DPCSR Toolkit (practical guidelines to implement the UM-DPCSR Framework);
- training/coaching for the UM-DPCSR Coordinator in charge of implementing the Framework within the organisation; and
- use of the UM-DPCSR seal (once the organisation has implemented the Framework).
ECPC will sample a fixed percentage of the organisations listed with respect to their UM-DPCSR compliance posture each year and adopt remedies with respect to potential issues in the listed organisations by, e.g.:
- notifying the organisation of a need for remediation within, e.g., 15 days for minor infractions (clerical mistakes, inconsistencies);
- suspending the listing, pending compliance with identified minor substantial gaps;
- revoking the listing in case of substantial non-compliance.
NOTE: The UM-DPCSR Framework is neither a certification under Article 42 GDPR nor a code of conduct under Article 40 GDPR. In fact, the scope of the Framework is not to certify and/or further specify compliance with the GDPR. This is because the UM-DPCSR Framework presumes GDPR compliance and goes one step further to require that organisations process personal data in a fair, transparent, ethical, secure and sustainable manner with a clear commitment to actively promote data protection rights and cybersecurity hygiene within the digital society.