General Data Protection Regulation (GDPR)

The new European privacy legislation has been in place since 25 May 2016: the General Data Protection Regulation (GDPR). This also has consequences for higher education and research. Institutions have to respond well on time and SURF helps them do this.

AVG verordening

Privacy model policy

Most institutions either have implicit policies that contain rules for careful handling of personal data, or they have an information security policy that includes elements of privacy. This working group wants to create a general model policy that only focuses on the privacy aspects of policy.

Adapting policies to GDPR

The activities in this work package will provide institutions with tools to incorporate the model policy into their own policy, or to optimise their policy based on the requirements set by the 'Wbp' and the GDPR.

Formulating a privacy model policy

The privacy policy is provided as a model, which institutions can incorporate in or alongside existing policy with the aid of a guide. The institution can use the guideline to formulate policy, based on its own insight into the processing processes of personal data. The guideline indicates what is necessary to implement, what is desired and what can possibly be implemented (must, should, could).

Deliverables / working documents

General documents

Besides these working documents are also available: