Recitals
Your one-stop-shop for all GDPR Recitals.
Recitals 1 - 10
1.
Data Protection as a Fundamental Right
2.
Respect of the Fundamental Rights and Freedoms
3.
Directive 95/46/EC Harmonisation
4.
Data Protection in Balance with Other Fundamental Rights
5.
Cooperation Between Member States to Exchange Personal Data
6.
Ensuring a High Level of Data Protection Despite the Increased Exchange of Data
7.
The Framework is Based on Control and Certainty
8.
Adoption into National Law
9.
Different Standards of Protection by the Directive 95/46/EC
10.
Harmonised Level of Data Protection Despite National Scope
Recitals 11 - 20
11.
Harmonisation of the Powers and Sanctions
12.
Authorization of the European Parliament and the Council
13.
Taking Account of Micro, Small and Medium-Sized Enterprises
14.
Not Applicable to Legal Persons
15.
Technology Neutrality
16.
Not Applicable to Activities Regarding National and Common Security
17.
Adaptation of Regulation (EC) No 45/2001
18.
Not Applicable to Personal or Household Activities
19.
Not Applicable to Criminal Prosecution
20.
Respecting the Independence of the Judiciary
Recitals 21 - 30
21.
Liability Rules of Intermediary Service Providers Shall Remain Unaffected
22.
Processing by an Establishment
23.
Applicable to Controllers/Processors Not Established in the Union if Data Subjects Within the Union are Targeted
24.
Applicable to Controllers/Processors Not Established in the Union if Data Subjects Within the Union are Profiled
25.
Applicable to Controllers Due to International Law
26.
Not Applicable to Anonymous Data
27.
Not Applicable to Data of Deceased Persons
28.
Introduction of Pseudonymisation
29.
Pseudonymisation at the Same Controller
30.
Online Identifiers for Profiling and Identification
Recitals 31 - 40
31.
Not Applicable to Public Authorities in Connection with Their Official Tasks
32.
Conditions for Consent
33.
Consent to Certain Areas of Scientific Research
34.
Genetic Data
35.
Health Data
36.
Determination of the Main Establishment
37.
Group of undertakings
38.
Special Protection of Children's Personal Data
39.
Principles of Data Processing
40.
Lawfulness of Data Processing
Recitals 41 - 50
41.
Legal Basis or Legislative Measures
42.
Burden of Proof and Requirements for Consent
43.
Freely Given Consent
44.
Performance of a Contract
45.
Fulfillment of Legal Obligations
46.
Vital Interests of the Data Subject
47.
Overriding Legitimate Interest
48.
Overriding Legitimate Interest Within Group of Undertakings
49.
Network and Information Security as Overriding Legitimate Interest
50.
Further Processing of Personal Data
Recitals 51 - 60
51.
Protecting Sensitive Personal Data
52.
Exceptions to the Prohibition on Processing Special Categories of Personal Data
53.
Processing of Sensitive Data in Health and Social Sector
54.
Processing of Sensitive Data in Public Health Sector
55.
Public Interest in Processing by Official Authorities for Objectives of Recognized Religious Communities
56.
Processing Personal Data on People's Political Opinions by Parties
57.
Additional Data for Identification Purposes
58.
The Principle of Transparency
59.
Procedures for the Exercise of the Rights of the Data Subjects
60.
Information Obligation
Recitals 61 - 70
61.
Time of Information
62.
Exceptions to the Obligation to Provide Information
63.
Right of Access
64.
Identity Verification
65.
Right of Rectification and Erasure
66.
Right to be Forgotten
67.
Restriction of Processing
68.
Right of Data Portability
69.
Right to Object
70.
Right to Object to Direct Marketing
Recitals 71 - 80
71.
Profiling
72.
Guidance of the European Data Protection Board Regarding Profiling
73.
Restrictions of Rights and Principles
74.
Responsibility and Liability of the Controller
75.
Risks to the Rights and Freedoms of Natural Persons
76.
Risk Assessment
77.
Risk Assessment Guidelines
78.
Appropriate Technical and Organisational Measures
79.
Allocation of the Responsibilities
80.
Designation of a Representative
Recitals 81 - 90
81.
The Use of Processors
82.
Record of Processing Activities
83.
Security of Processing
84.
Risk Evaluation and Impact Assessment
85.
Notification Obligation of Breaches to the Supervisory Authority
86.
Notification of Data Subjects in Case of Data Breaches
87.
Promptness of Reporting / Notification
88.
Format and Procedures of the Notification
89.
Elimination of the General Reporting Requirement
90.
Data Protection Impact Assessement
Recitals 91 - 100
91.
Necessity of a Data Protection Impact Assessment
92.
Broader Data Protection Impact Assessment
93.
Data Protection Impact Assessment at Authorities
94.
Consultation of the Supervisory Authority
95.
Support by the Processor
96.
Consultation of the Supervisory Authority in the Course of a Legislative Process
97.
Data Protection Officer
98.
Preparation of Codes of Conduct by Organisations and Associations
99.
Consultation of Stakeholders and Data Subjects in the Development of Codes of Conduct
100.
Certification
Recitals 101 - 110
101.
General Principles for International Data Transfers
102.
International Agreements for an Appropriate Level of Data Protection
103.
Appropriate Level of Data Protection Based on an Adequacy Decision
104.
Criteria for an Adequacy Decision
105.
Consideration of International Agreements for an Adequacy Decision
106.
Monitoring and Periodic Review of the Level of Data Protection
107.
Amendment, Revocation and Suspension of Adequacy Decisions
108.
Appropriate Safeguards
109.
Standard Data Protection Clauses
110.
Binding Corporate Rules
Recitals 111 - 120
111.
Exceptions for Certain Cases of International Transfers
112.
Data Transfers due to Important Reasons of Public Interest
113.
Transfers Qualified as Not Repetitive and that Only Concern a Limited Number of Data Subjects
114.
Safeguarding of Enforceability of Rights and Obligations in the Absence of an Adequacy Decision
115.
Rules in Third Countries Contrary to the Regulation
116.
Cooperation Among Supervisory Authorities
117.
Establishment of Supervisory Authorities
118.
Monitoring of the Supervisory Authorities
119.
Organisation of Several Supervisory Authorities of a Member State
120.
Features of Supervisory Authorities
Recitals 121 - 130
121.
Independence of the Supervisory Authorities
122.
Responsibility of the Supervisory Authorities
123.
Cooperation of the Supervisory Authorities with Each Other and with the Commission
124.
Lead Authority Regarding Processing in Several Member States
125.
Competences of the Lead Authority
126.
Joint Decisions
127.
Information of the Supervisory Authority Regarding Local Processing
128.
Responsibility Regarding Processing in the Public Interest
129.
Tasks and Powers of the Supervisory Authorities
130.
Consideration of the Authority with which the Complaint has been Lodged
Recitals 131 - 140
131.
Attempt of an Amicable Settlement
132.
Awareness-Raising Activities and Specific Measures
133.
Mutual Assistance and Provisional Measures
134.
Participation in Joint Operations
135.
Consistency Mechanism
136.
Binding Decisions and Opinions of the Board
137.
Provisional Measures
138.
Urgency Procedure
139.
European Data Protection Board
140.
Secretariat and Staff of the Board
Recitals 141 - 150
141.
Right to Lodge a Complaint
142.
The Right of Data Subjects to Mandate a Not-For-Profit Body, Organisation or Association
143.
Judicial Remedies
144.
Related Proceedings
145.
Choice of Venue
146.
Indemnity
147.
Jurisdiction
148.
Penalties
149.
Penalties for Infringements of National Rules
150.
Administrative Fines
Recitals 151 - 160
151.
Administrative Fines in Denmark and Estonia
152.
Power of Sanction of the Member States
153.
Processing of Personal Data Solely for Journalistic Purposes or for the Purposes of Academic, Artistic or Literary Expression
154.
Principle of Public Access to Official Documents
155.
Processing in the Employment Context
156.
Processing for Archiving, Scientific or Historical Research or Statistical Purposes
157.
Information from Registries and Scientific Research
158.
Processing for Archiving Purposes
159.
Processing for Scientific Research Purposes
160.
Processing for Historical Research Purposes
Recitals 161 - 170
161.
Consenting to the Participation in Clinical Trials
162.
Processing for Statistical Purposes
163.
Production of European and National Statistics
164.
Professional or Other Equivalent Secrecy Obligations
165.
No Prejudice of the Status of Churches and Religious Associations
166.
Delegated Acts of the Commission
167.
Implementing Powers of the Commission
168.
Implementing Acts on Standard Contractual Clauses
169.
Immediately Applicable Implementing Acts
170.
Principle of Subsidiarity and Principle of Proportionality