GDPR: what is the General Data Protection Regulation?

When you process personal data for your research, you must follow the rules of the General Data Protection Regulation (GDPR).

The GDPR: new European privacy legislation

The GDPR, which has been in force since 25 May 2018, modernises the existing privacy legislation. It creates a uniform European legislative framework and gives citizens/data subjects more control over how personal data is processed. The GDPR requires transparency and responsibility from organisations towards citizens/data subjects about how and why they process personal data.

National law

The GDPR provides that EU Member States can draw up national legislation for certain areas and exceptions. In Belgium, the Law on the protection of natural persons with regard to the processing of personal data was published in the Belgian Official Gazette on 5 September 2018.

The possibility stipulated in the GDPR to provide exceptions at national level also means that in research projects involving organisations/institutions from different Member States, you must thoroughly examine the national laws of all Member States concerned and the processing must comply with those requirements. 

UGent code of conduct

At UGent, the GDPR requirements were included in the Generic Code of Conduct for the processing of personal data and confidential information.

More information



More tips

Translated tip

Last modified Aug. 25, 2023, 11:27 a.m.