In many research areas, it is necessary to work with sensitive data that are subject to the regulations of the GDPR. Above all, this means clearly documenting all processes and securing them with suitable measures. In any case, contact us (hpcmaster@uni-tuebingen.de) prior to the transfer of sensitive data to a cluster or a cloud, to discuss what kind of data it is, who is responsible for it and which measures are suitable . This must always be done for every data record, regardless of whether the sensitive nature of the data was mentioned in a project outline (de.NBI, bwHPC). All data that allow conclusions to be drawn about natural persons, such as name lists, IP addresses, email addresses, health data, genome data and much more, are to be regarded as sensitive. With some data, pseudonymizing the data can help avoid conclusions, other data such as genome data cannot be pseudonymized per se. Due to the diverse nature of the various data, each project has to be considered individually. Contact us early (hpcmaster@uni-tuebingen.de) so that we can offer you a suitable and safe working environment and ensure that all administrative requirements are met.