General Data Protection Regulation (GDPR)

The new European privacy legislation has been in place since 25 May 2016: the General Data Protection Regulation (GDPR). This also has consequences for higher education and research. Institutions have to respond well on time and SURF helps them do this.

AVG verordening

GDPR knowledge transfer

The new GDPR legislation has a major impact on education institutions. SURF is taking various initiatives to inform institutions about the changes in the privacy legislation as well as possible.

Five areas for knowledge transfer

SURF has gained a great deal of knowledge about the GDPR, often in collaboration with the institutions. There are four areas for GDPR knowledge transfer that SURF actively engages in:

  • Wiki with GDPR principles and topics, with an explanation of the law and its interpretation and a comparison with the Dutch Personal Data Protection Act (in Dutch).
  • Each quarter, SURF's privacy community SCIPR has a meeting to discuss the various GDPR subjects.
  • SURF organises knowledge sessions on GDPR implementation. The following topics have already been discussed (all in Dutch)
    • ​​​​The European Privacy Regulation: an action plan
    • The role of the Data Protection Officer (14 December)
    • The controller and the processor
    • A talk with the Personal Data Authority
  • The annual Privacy Awareness event: SURF is involved in the annual Privacy Speech and examines this topic together with the institutions in the week of the speech. The last Privacy Speech was on 21 November 2017.  
  • Privacy training module: the way we deal with personal data and privacy in education and research is about to change. With the arrival of the GDPR in May 2018, adjustments will also have to be made to the working methods of researchers and lecturers. But how do we approach this change and how do we make researchers and lecturers privacy aware? SURF offers blended teaching materials for this, that you, as a trainer or teacher, can use to help the people in your organisation to make their work GDPR-compliant. These materials are available in the Cybersave Yourself toolkit.