The General Data Protection Regulation (GDPR) is the new European Union-wide (EU) law on data protection, which is a great step towards more comprehensive and more far-reaching protection of individuals’ personal data. In this paper, we describe why and how we – as researchers within the field of health psychology – should care about the GDPR. In the first part, we explain when the GDPR is applicable, who is accountable for data protection, and what is covered by the notions of personal data and processing. In the second part, we explain aspects of the GDPR that are relevant for researchers with the field of health psychology (e.g., obtaining informed consent, data minimization, and open science). We focus on questions that researchers may ask themselves in their daily practice.