Masterclass Privacy Assessment Framework

This masterclass offers a comprehensive look at the content and application of the recently updated SURFaudit Privacy Assessment Framework. You will discover how to carry out an assessment effectively, for example for your own institution or for the national SURF benchmark.

Masterclass Toetsingskader privacy
26 Feb 2024
9.30 a.m.-8 p.m.
SURF office Utrecht


The SURFaudit Privacy Assessment Framework provides a solid basis and reference point for measuring the extent to which the protection of personal data within different education sectors (PO/VO, MBO, HBO and WO) meets the sector standard. It provides institutions with valuable insights, guidelines and follow-up actions to improve data protection maturity. With this assessment framework, they can effectively evaluate and optimise their processes, activities and measures for better data protection. It contributes to awareness, identification of potential deficiencies, risks and implementation of appropriate measures, ensuring secure processing of personal data. The SURFaudit Assessment Framework acts as a reliable guide for institutions striving for a strong data protection culture and compliance with the AVG. In addition, the Assessment Framework is used for the national privacy benchmark within education.

Who is this masterclass for?

The SURFaudit Masterclass Privacy Assessment Framework is aimed at privacy officers, data protection officers, IBP advisors and (IT) auditors/controllers. Given the interfaces between information security and the protection of personal data, this master class is also valuable for colleagues working in the field of information security/security in the education sector.

Getting started with the Privacy Assessment Framework

Under the guidance of privacy consultant Erik van den Beld, you will work concretely with the Assessment Framework and the domains and statements that are part of it. This will help you on your way to using the Assessment Framework.

The participants are colleagues from different education sectors. Using interactive working methods, you will have the opportunity to learn and become proficient in using and completing the Assessment Framework. The corresponding maturity levels will also be examined. There is plenty of opportunity for informal exchange/discussion, both during and after the master class.


During this master class, we will discuss all domains of the Assessment Framework with associated statements and scores. Below is the outline of the programme.

Monday 26 February


Walk-in and introduction


General introduction of the SURFaudit Privacy Assessment Framework and the Privacy Benchmark

10.15 Part I

Introduction and discussion of the Privacy Assessment Framework; the Domains with statements
11.15 Short break

Part II

Privacy Assessment Framework; continued Domains, statements and associated maturity levels

12.45 Break + lunch

Part III

Getting started with the Assessment Framework; discussion and initial (draft) interpretation of Assessment Framework (domains 1 to 3)

15.15 Short break

Part IV

Getting started II; discussion and (draft) interpretation of the Assessment Framework (domains 4 to 7)

17.30 Dinner, any outstanding questions/clarifications and informal review.


Number of participants

The maximum number of participants is 15; if there are fewer than 10 participants, the master class will not take place.


The cost is 250 euro per participant (excluding VAT), lunch and dinner are included. SURF will arrange the registration of the masterclasses. The SURF registration system only accepts direct payment (iDeal or credit card). After completing your registration, you will receive an e-mail as confirmation with the invoice in an attachment.