On behalf of institutions, we perform privacy and security risk analyses on vendors. In doing so, we jointly fulfill legal obligations. By combining expertise, we achieve cost savings, knowledge sharing, and have a stronger negotiating position towards vendors on behalf of the education and research sector.

International attention

SURF and the educational institutions consider secure education that meets our public values very important. That is why we are joining forces in the Netherlands and SURF, whether or not in collaboration with partners, is entering into discussions with large and small vendors, within and outside Europe, to reach sound agreements. Open Protection of user data configuration settingsOpen Protection of user data configuration settings

Protection of user data

Through SURF, members make joint agreements with ICT and content vendors regarding the supply and purchase of products and services. Carrying out Data Protection Impact Assessments (DPIAs) is part of this.

It follows from the laws and regulations in Europe that vendors must take measures to protect users' data. From the GDPR, a DPIA is necessary to identify privacy risks to users. These DPIAs may reveal risks that must first be resolved before products and services can be used safely. In such a case, we engage with the vendors to see if we can find a solution together.

Talking to vendors delivers results

By joining forces in the sector, (large) tech companies are willing to sit down with us, improve and adapt their products to eliminate risks. This proves that you can achieve great results with cooperation. With this we ensure that Dutch education and research can make the best and safest possible use of ICT solutions that meet our public values.

Proud of collaboration 

SURF is proud of the fact that we are achieving good results in this area. And our approach is being noticed internationally. The New York Times even published an article about it on January 18, 2023.