''By engaging and staying in dialogue with vendors, we secure the best privacy and security conditions for research and teaching.''
International attention
Protection of user data
Through SURF, the members make joint agreements with IT and content vendors regarding the supply and purchase of products and services. Conducting Data Protection Impact Assessments (DPIAs) is part of this.
It follows from laws and regulations in Europe that vendors must take measures to protect users' data. From the GDPR, a DPIA is necessary to identify privacy risks to users. Those DPIAs may reveal risks that need to be resolved before safe use of products and services can be made. In such a case, we engage with the vendor to see if we can come to a solution together.
Talking to vendors gets results
By joining forces in the sector, (large) tech companies are willing to sit down with us, improve and adapt their products to remove risks. This proves that you can achieve great results with cooperation. By doing so, we ensure that Dutch education and research can make the best and safest possible use of IT solutions that meet our public values.
Proud of collaboration
SURF is proud of the fact that we achieve good results in this field. And our approach is noticed internationally. The New York Times even published an article about it on 18 January (behind login).