The General Data Protection Regulation (GDPR) recognises data concerning health as a special category of data and provides a definition for health data for data protection purposes. Though the innovative principles introduced by the GDPR (privacy by design or the prohibition of discriminatory profiling) remain relevant and applicable to health data as well, specific safeguards for personal health data and for a definitive interpretation of the rules that allows an effective and comprehensive protection of such data have now been addressed by the GDPR. Processes that foster innovation and better quality healthcare, such as clinical trials or mobile health, need robust data protection safeguards in order to maintain the trust and confidence of individuals in the rules designed to protect their data.