(re)search tips

News and practical tips for research, information management and scholarly communication

GDPR: how do I register personal data processing activities?

Why register processing activities?

The General Data Protection Regulation (GDPR) requires that all processing of personal data at Ghent University and Ghent University Hospital be documented and registered in a 'register of processing activities', the GDPR Register.
This internal documentation obligation is an essential tool for the researcher to meet his accountability.

When to register processing activities?

Whether you are acting as a controller or as a processor, you must register processing activities that take place under your responsibility.

New processing activities

The registration must be done for each new processing activity, i.e. at the beginning of each new research project in which you process personal data (or the phase in the project in which you process personal data), and even before the start of the actual collection/processing of the data.

Existing processing activities

You must also register existing processing activities. This concerns ongoing research projects, whether they started before or after 25 May 2018 (that is the date on which the GDPR came into force).

Updates

In addition, it is important to keep the information regarding the registered processing activities up-to-date during the duration of the research project.

Where and how to record processing activities?

As of 26 June 2026, as a Ghent University researcher, you must document and register your processing activities related to personal data via Responsum (and therefore no longer via DMPonline.be). In Responsum, Ghent University staff can register both the GDPR record and (if necessary) the Data Protection Impact Assessment (DPIA). Existing GDPR records have been migrated by Ghent University to Responsum and can be consulted there.

Researchers at Ghent University Hospital can still use DMPonline.be to create a GDPR record based on the GDPR Register template, which can be used to register the processing of personal data in research. The DPIA tab of such a plan allows you to document the DPIA if your project involves high-risk processing of personal data. In that case, you will be asked a series of questions that will help you further assess and document the risks.

Data management plans (DMP) can still be created via DMPonline.be tool.

Keeping GDPR record up to date

Keep your GDPR record up-to-date in Responsum during the course of your research project. Via the 'My finalised GDPR records' tab, you can see a list of already created plans that you can then edit further. You can also find your old GDPR records that were previously created with DMPonline.be here.

Need help?

Check out the manual for GDPR records with Responsum
More information about Ghent University's policy on Data Management Plans.
More information about the requirements of external funders for Data Management Plans.

More information

Privacy and research

More tips

DMPonline.be: how do I write a Data Management Plan? (Write)
DMPonline.be: sign in via ORCID (Research integrity & ethics)
GDPR: What to keep in mind when developing or deploying apps for research? (Research integrity & ethics)
GDPR: Can I share research data with personal data with other researchers or institutions when my research project has ended? (Research integrity & ethics)
GDPR: how can I ensure that the processing of personal data is lawful? (Research integrity & ethics)
GDPR: how do I protect my data correctly? (Research integrity & ethics)
GDPR: how do I register personal data processing activities? (Research integrity & ethics)
GDPR: how long may I store research data containing personal data? (Research integrity & ethics)
GDPR: how to be transparent to data subjects in my research? (Research integrity & ethics)
GDPR: Pseudonymisation of personal data (Research integrity & ethics)
GDPR: what are personal data? (Research integrity & ethics)
GDPR: what are some things to consider when processing personal data from minors? (Research integrity & ethics)
GDPR: What are the basic principles? (Research integrity & ethics)
GDPR: What are the different roles and responsibilities according to the GDPR? (Research integrity & ethics)
GDPR: What do I need to think about when transferring personal data to third countries or international organisations? (Research integrity & ethics)
GDPR: What do I need to think about when using a mailing list in the context of my research? (Research integrity & ethics)
GDPR: what has changed with regard to the previous privacy legislation? (Research integrity & ethics)
GDPR: What information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects? (Research integrity & ethics)
GDPR: what is the General Data Protection Regulation? (Research integrity & ethics)
GDPR: What rights do data subjects have, how do I respect them and what exceptions may apply to research? (Research integrity & ethics)
GDPR: What should I consider when using social media data for scientific research? (Research integrity & ethics)
GDPR: what should I do in case of a data breach? (Research integrity & ethics)
GDPR: What should I do in the event of further/secondary processing of personal data? (Research integrity & ethics)
GDPR: What should I keep in mind when designing my research? (Research integrity & ethics)
GDPR: what should I keep in mind when processing special categories of personal data? (Research integrity & ethics)
GDPR: What should I take into account when developing or using AI? (Research integrity & ethics)
GDPR: What should I think about when I collaborate with others or share my data? (Research integrity & ethics)
GDPR: When am I processing high-risk personal data and when do I need to conduct a DPIA? (Research integrity & ethics)
GDPR: when do I engage in 'profiling'; what should I think about? And what is 'exclusively automated individual decision-making'? (Research integrity & ethics)
GDPR: when does it apply to my research? (Research integrity & ethics)
GDPR: who are considered to be vulnerable persons? (Research integrity & ethics)
GDPR: why is it important to comply with this legislation? (Research integrity & ethics)
Qualtrics: how do I use this survey tool? (Research integrity & ethics)
RSpace: how do I use this ELN? (Research integrity & ethics)

Translated tip

AVG: hoe registreer ik mijn verwerkingen van persoonsgegevens?

tags:

Research integrity & ethics

Last modified June 24, 2026, 6:47 p.m.

Questions? Suggestions?

libservice@ugent.be