Why and how we should care about the General Data Protection Regulation

The General Data Protection Regulation (GDPR) is the new European Union-wide (EU) law on data protection, which is a great step towards more comprehensive and more far-reaching protection of individuals' personal data. In this editorial, we describe why and how we - as researchers within the field of health psychology - should care about the GDPR. In the first part, we explain when the GDPR is applicable, who is accountable for data protection, and what is covered by the notions of personal data and processing. In the second part, we explain aspects of the GDPR that are relevant for researchers within the field of health psychology (e.g., obtaining informed consent, data minimisation, and open science). We focus on questions that researchers may ask themselves in their daily practice. Compliance with the GDPR requires adopting research practices (e.g., data minimisation and anonymization procedures) that are not yet commonly used, but serve the fundamental right to protection of personal data of study participants.