Why and how we should care about the General Data Protection Regulation

Rik Crutzen*, Gjalt-Jorn Peters, Christopher Mondschein

*Corresponding author for this work

Research output: Contribution to journalEditorialAcademicpeer-review

26 Citations (Web of Science)


The General Data Protection Regulation (GDPR) is the new European Union-wide (EU) law on data protection, which is a great step towards more comprehensive and more far-reaching protection of individuals' personal data. In this editorial, we describe why and how we - as researchers within the field of health psychology - should care about the GDPR. In the first part, we explain when the GDPR is applicable, who is accountable for data protection, and what is covered by the notions of personal data and processing. In the second part, we explain aspects of the GDPR that are relevant for researchers within the field of health psychology (e.g., obtaining informed consent, data minimisation, and open science). We focus on questions that researchers may ask themselves in their daily practice. Compliance with the GDPR requires adopting research practices (e.g., data minimisation and anonymization procedures) that are not yet commonly used, but serve the fundamental right to protection of personal data of study participants.

Original languageEnglish
Pages (from-to)1347-1357
Number of pages11
JournalPsychology & Health
Issue number11
Early online date21 May 2019
Publication statusPublished - 2 Nov 2019


  • GDPR
  • data protection
  • open science
  • personal data

Cite this