Vendor compliance

On behalf of institutions, we perform privacy and security risk analyses on vendors. In this way, we jointly fulfil statutory obligations. By combining expertise, we achieve cost savings, knowledge sharing and, on behalf of the education and research sector, we have a stronger negotiating position towards vendors.

Handen met computer met groen op de achtergrond reflecterend in het scherm

What you need to know about... DPIAs

Listen to the SURFshort podcast with privacy lawyer Sophia Gelpke on DPIAs, vendor compliance and privacy law in a geopolitical context.

TOPdesk implements privacy improvements following SURF DPIA

News

Institutions can continue to use TOPdesk, according to SURF's DPIA. SURF identified 9 high risks and 3 low risks. TOPdesk has already mitigated 4 of the high risks and will mitigate the remaining…

News

DPIA EduGenAI

Working on safe and responsible AI in education

Together with Npuls, we are working on EduGenAI: a platform that enables the safe and responsible use of generative AI in higher education. We commissioned a data protection impact assessment (DPIA)…

News 01 September 2025

Vrouw met koptelefoon gefotografeerd op haar achterhoofd kijkt naar laptop waarvan het scherm onscherp is

SURF advises not to use Microsoft 365 Copilot for the time being due to privacy risks

We advise educational and research institutions not to use Microsoft 365 Copilot for the time being. This is because research shows that there are privacy risks associated with using the generative…

News 18 December 2024

jongen met bril zit op de trap en werkt op een laptop.

Safe cloud use: Zoom and SURF together provide seatbelts and airbags

Zoom is popular in the Netherlands, but still struggled with a nine privacy issues in 2020. Zoom can now be safely used in Dutch education and research: the Data Protection Impact Assessment (DPIA) on Zoom indicated that using Zoom's video conferencing services no longer poses high risks to users.

Article

Working with the US: a good conversation on data security

How do you safeguard data protection at the international level? At the end of 2022, this question was the focus of the discussion 'The Dutch and US approach to data protection: moving forward together'.