Data Protection as a Corporate Social Responsibility

The UM-DPCSR Project translates theoretical ethical principles into tangible and practical guidelines for companies and organisations processing personal data. By following the five principles and 25 rules constituting the Framework, organisations can improve transparency and accountability and engage in fair and secure data processing activities. In this way, organisations can positively contribute to the greater good of a sustainable data-driven economy and a democratic digital society.

Nearly four years after Europe’s General Data Protection Regulation entered into force, it is clear that the Regulation and mere legal compliance cannot sufficiently protect fundamental rights and freedoms and adequately mitigate the risks presented by new technologies and the current economic models that tend to degrade democratic systems in the exploitation of data. The UM-DPCSR Framework precisely aims to fill this gap.

“The UM-DPCSR Framework defines rules to help organisations go beyond compliance requirements, effectively protecting individuals while responsibly furthering their targets. The ultimate objective of the research project has been to cultivate a better data-centric future for all,” commented Prof. Dr. Paolo Balboni, who first proposed the concept on his personal blog in 2017 and presented it during his inaugural lecture at Maastricht University in 2019.

In January 2020, a two-year multistakeholder research project on Data Protection as a Corporate Social Responsibility was launched under Dr. Balboni’s direction at ECPC within the Maastricht University Faculty of Law. Since then, Mrs. Kate Francis (PhD candidate) and Dr. Balboni have worked together to concretize the concept and create the Framework.

The document published today illustrates the key findings of the research. From 1 April 2022, ECPC will start accepting submissions from organisations that would like to adhere to the Framework.

 More information is available on the ECPC website.