General Data Protection Regulation (GDPR)

The new European privacy legislation has been in place since 25 May 2016: the General Data Protection Regulation (GDPR). This also has consequences for higher education and research. Institutions have to respond well on time and SURF helps them do this.

AVG verordening

SURF services and the GDPR

SURF is working hard to implement the GDPR within its organisation, so that its own services will comply with the regulation as well.

SURF services in accordance with the Legal Standards Framework

SURF provides several services to its members. These services must also comply with the GDPR. That is why the SURF Legal Standards Framework for (Cloud) Services is used for services for which SURF processes personal data on behalf of institutions. Services are organised in a privacy-friendly way as much as possible and solid agreements are made with the institutions and possible (additional) suppliers. The GDPR compliance of other SURF services, such as the network, is also tested. In mediation situations, SURFmarket uses the SURF Legal Standards Framework as a foundation for negotiations with suppliers.