Promote your research data

Personal data

Information is considered personal data if it says something directly about a specific person or if this information can be traced to a person. When you are going to 'process' personal data, you have to follow certain rules. On this page you will find what personal data and special personal data are and what we mean by processing personal data.

Examples of personal data

Obvious examples are someone's name, address and place of residence. But also telephone numbers, zip codes with house numbers, the IP address of your computer, a passport photo or someone's exam results are personal data.

Special personal data

Special personal data are data that are so sensitive that their processing can seriously affect someone's privacy. The following data are regarded as special personal data:

  • Personal data revealing racial or ethnic origin;
  • Personal data revealing political views;
  • Personal data revealing religious or philosophical beliefs;
  • Personal data revealing membership of a trade union/association;
  • Genetic data;
  • Biometric data for the unique identification of a person;
  • Data about someone's health;
  • Data relating to a person's sexual behavior or sexual orientation.

Special personal data are extra protected by law. The GDPR assumes that the processing of these data is prohibited, but exceptions have been made for certain processing operations, which are mentioned in article 9 of the GDPR. There are also stricter requirements for the security of these personal data. 

Sensitive personal data

The AVG also mentions sensitive personal data. This includes in any case:

  • The citizen service number or foreigner's number (V-number);
  • A copy of an identity document / residence permit;
  • Personal data of minors;
  • Data concerning functioning, both of employees and students.

Processing personal data = everything you do with personal data

The privacy legislation applies to any 'processing' of personal data. Processing is understood to mean much more than providing personal data to third parties.  The law refers to 'collecting, recording, organizing, structuring, storing, updating or changing, retrieving, consulting, using, providing by transmission, distributing or otherwise making available, aligning or combining, blocking'. In short, everything you can do with personal data is covered by the term 'processing'. It does not matter whether the action is performed manually or automatically.

Protection of personal data is a legal obligation

Everyone must be able to trust that his or her personal data is adequately secured. According to the GDPR, Tilburg University is legally obliged to protect personal data. As a person, you must be able to assume that your personal data is in safe hands. After all, poor security can lead to misuse of your personal data. The subjects of privacy, personal data protection and security are therefore closely interrelated. Everyone who has to deal with the processing of personal data has to deal with the GDPR. That is why the university has included rules in its Privacy & Protection of Personal Data policy.