Adhere to UM-DPCSR

From 1 April 2022, ECPC will start accepting submissions from organisations that would like to adhere to the UM-DPCSR Framework. In the meantime, enquiries and manifestations of interest can be sent to paolo.balboni[at]maastrichtuniversity[dot]nl

ECPC has adopted a “listing” approach for adherence to the Framework wherein organisations are listed in a public database - the UM-DPCSR Registry - under three different statuses:

  1. Applicant status;
  2. In-Progress status; and
  3. Implemented status.

In 2023, third-party verification by accredited auditors will also be provided. 

Upon completion of the submission - which may be subject to a yearly contribution to be listed in the UM-DPCSR Registry - organisations will also receive:

  1. access to the UM-DPCSR Toolkit (practical guidelines to implement the UM-DPCSR Framework); 
  2. training/coaching for the UM-DPCSR Coordinator in charge of implementing the Framework within the organisation; and
  3. use of the UM-DPCSR seal (once the organisation has implemented the Framework). 

ECPC will sample a fixed percentage of the organisations listed with respect to their UM-DPCSR compliance posture each year and adopt remedies with respect to potential issues in the listed organisations by, e.g.:

  • notifying the organisation of a need for remediation within, e.g., 15 days for minor infractions (clerical mistakes, inconsistencies);
  • suspending the listing, pending compliance with identified minor substantial gaps;
  • revoking the listing in case of substantial non-compliance.

NOTE: The UM-DPCSR Framework is neither a certification under Article 42 GDPR nor a code of conduct under Article 40 GDPR. In fact, the scope of the Framework is not to certify and/or further specify compliance with the GDPR. This is because the UM-DPCSR Framework presumes GDPR compliance and goes one step further to require that organisations process personal data in a fair, transparent, ethical, secure and sustainable manner with a clear commitment to actively promote data protection rights and cybersecurity hygiene within the digital society.