Recitals

Considering the following reasons the articles of the GDPR have been adopted. These are the latest and final recitals of April 27th 2016.

(1)Data protection as a fundamental right
(2)Respect of the fundamental rights and freedoms
(3)Directive 95/46/EC harmonisation
(4)Data protection in balance with other fundamental rights
(5)Cooperation between Member States to exchange personal data
(6)Ensuring a high level of data protection despite the increased exchange of data
(7)The framework is based on control and certainty
(8)Adoption into national law
(9)Different standards of protection by the Directive 95/45/EC
(10)Harmonised level of data protection despite national scope
(11)Harmonisation of the powers and sanctions
(12)Authorization of the European Parliament and the Council
(13)Taking account of micro, small and medium-sized enterprises
(14)Not applicable to legal persons
(15)Technology neutrality
(16)Not applicable to activities regarding national and common security
(17)Adaptation of Regulation (EC) No 45/2001
(18)Not applicable to personal or household activities
(19)Not applicable to criminal prosecution
(20)Respecting the independence of the judiciary
(21)Liability rules of intermediary service providers shall remain unaffected
(22)Processing by an establishment
(23)Applicable to processors not established in the Union if data subjects wihtin the Union are targeted
(24)Applicable to processors not established in the Union if data subjects within the Union are profiled
(25)Applicable to processors due to international law
(26)Not applicable to anonymous data
(27)Not applicable to data of deceased persons
(28)Introduction of pseudonymisation
(29)Pseudonymisation at the same controller
(30)Online identifiers for profiling and identification
(31)Not applicable to public authorities in connection with their official tasks
(32)Consent
(33)Consent to certain areas of scientific research
(34)Genetic data
(35)Health data
(36)Determination of the main establishment
(37)Enterprise group
(38)Special protection of children's personal data
(39)Principles of data processing
(40)Lawfulness of data processing
(41)Legal basis or legislative measures
(42)Burden of proof and requiremenst for consent
(43)Freely given consent
(44)Performance of a contract
(45)Fulfillment of legal obligations
(46)Vital interests of the data subject
(47)Overriding legitimate interest
(48)Overriding legitimate interest within group of undertakings
(49)Network and information security as overriding legitimate interest
(50)Further processing of personal data
(51)Protecting sensitive personal data
(52)Exceptions to the prohibition on processing special categories of personal data
(53)Processing of sensitive data in health and social sector
(54)Processing of sensitive data in public health sector
(55)Public interest in processing by official authorities for objectives of recognized religious communities
(56)Processing personal data on people's political opinions by parties
(57)Additional data for identification purposes
(58)The principle of transparency
(59)Procedures for the exercise of the rights of the data subjects
(60)Information obligation
(61)Time of information
(62)Exceptions to the obligation to provide information
(63)Right of access
(64)Identity verification
(65)Right of rectification and erasure
(66)Right to be forgotten
(67)Restriction of processing
(68)Right of data portability
(69)Right to object
(70)Right to object to direct marketing
(71)Profiling
(72)Guidance of the European Data Protection Board regarding profiling
(73)Restrictions of rights and principles
(74)Responsibility and liability of the controller
(75)Risks to the rights and freedoms of natural persons
(76)Risk assessment
(77)Risk assessment guidelines
(78)Appropriate technical and organisational measures
(79)Allocation of the responsibilities
(80)Designation of a representative
(81)The use of processors
(82)Record of processing activities
(83)Security of processing
(84)Risk evaluation and impact assessment
(85)Notification obligation of breaches to the supervisory authority
(86)Notification of data subjects in case of data breaches
(87)Promptness of reporting / notification
(88)Format and procedures of the notification
(89)Elimination of the general reporting requirement
(90)Data protection impact assessement
(91)Necessity of a data protection impact assessment
(92)Broader data protection impact assessment
(93)Data protection impact assessment at authorities
(94)Consultation of the supervisory authority
(95)Support by the processor
(96)Consultation of the supervisory authority in the course of a legislative process
(97)Data protection officer
(98)Preparation of codes of conduct by organisations and associations
(99)Consultation of stakeholders and data subjects in the development of codes of conduct
(100)Certification
(101)General principles for international data transfers
(102)International agreements for an appropriate level of data protection
(103)Appropriate level of data protection based on an adequacy decision
(104)Criteria for an adequacy decision
(105)Consideration of international agreements for an adequacy decision
(106)Monitoring and periodic review of the level of data protection
(107)Amendment, revocation and suspension of adequacy decisions
(108)Appropriate safeguards
(109)Standard data protection clauses
(110)Binding corporate rules
(111)Exceptions for certain cases of international transfers
(112)Data transfers due to important reasons of public interest
(113)Tansfers qualified as not repetitive and that only concern a limited number of data subjects
(114)Safeguarding of enforceability of rights and obligations in the absence of an adequacy decision
(115)Rules in third countries contrary to the Regulation
(116)Cooperation among supervisory authorities
(117)Establishment of supervisory authorities
(118)Monitoring of the supervisory authorities
(119)Organisation of several supervisory authorities of a Member State
(120)Features of supervisory authorities
(121)Independence of the supervisory authorities
(122)Responsibility of the supervisory authorities
(123)Cooperation of the supervisory authorities with each other and with the Commission
(124)Lead authority bregarding processing in several Member States
(125)Competences of the lead authority
(126)Joint decisions
(127)Information of the supervisory authority regarding local processing
(128)Responsibility regarding processing in the public interest
(129)Tasks and powers of the supervisory authorities
(130)Consideration of the authority with which the complaint has been lodged
(131)attempt of an amicable settlement
(132)Awareness-raising activities and specific measures
(133)Mutual assistance and provisional measures
(134)Participation in joint operations
(135)Consistency mechanism
(136)Binding decisions and opinions of the Board
(137)Provisional measures
(138)Urgency procedure
(139)European Data Protection Board
(140)Secretariat and staff of the Board
(141)Right to lodge a complaint
(142)The right of data subjects to mandate a not-for-profit body, organisation or association
(143)Judicial remedies
(144)Related proceedings
(145)Choice of venue
(146)Indemnity
(147)Jurisdiction
(148)Penalties
(149)Penalties for infringements of national rules
(150)Administrative fines
(151)Administrative fines in Denmark and Estonia
(152)Power of sanction of the Member States
(153)Processing of personal data solely for journalistic purposes or for the purposes of academic, artistic or literary expression
(154)Principle of public access to official documents
(155)Processing in the employment context
(156)Processing for archiving, scientific or historical research or statistical purposes
(157)Information from registries and scientific research
(158)Processing for archiving purposes
(159)Processing for scientific research purposes
(160)Processing for historical research purposes
(161)Consenting to the participation in clinical trials
(162)Processing for statistical purposes
(163)Production of European and national statistics
(164)Professional or other equivalent secrecy obligations
(165)No prejudice of the status of churches and religious associations
(166)Delegated acts of the Commission
(167)Implementing powers of the Commission
(168)Implementing acts on standard contractual clauses
(169)Immediately applicable implementing acts
(170)Principle of subsidiarity and principle of proportionality
(171)Repeal of Directive 95/46/EC and transitional provisions
(172)Consultation of the European Data Protection Supervisor
(173)Relationship to Directive 2002/58/EC