Considering the following reasons the articles of the GDPR have been adopted. These are the latest and final recitals of April 27th 2016.

Recital 1Data protection as a fundamental right
Recital 2Respect of the fundamental rights and freedoms
Recital 3Directive 95/46/EC harmonisation
Recital 4Data protection in balance with other fundamental rights
Recital 5Cooperation between Member States to exchange personal data
Recital 6Ensuring a high level of data protection despite the increased exchange of data
Recital 7The framework is based on control and certainty
Recital 8Adoption into national law
Recital 9Different standards of protection by the Directive 95/46/EC
Recital 10Harmonised level of data protection despite national scope
Recital 11Harmonisation of the powers and sanctions
Recital 12Authorization of the European Parliament and the Council
Recital 13Taking account of micro, small and medium-sized enterprises
Recital 14Not applicable to legal persons
Recital 15Technology neutrality
Recital 16Not applicable to activities regarding national and common security
Recital 17Adaptation of Regulation (EC) No 45/2001
Recital 18Not applicable to personal or household activities
Recital 19Not applicable to criminal prosecution
Recital 20Respecting the independence of the judiciary
Recital 21Liability rules of intermediary service providers shall remain unaffected
Recital 22Processing by an establishment
Recital 23Applicable to processors not established in the Union if data subjects within the Union are targeted
Recital 24Applicable to processors not established in the Union if data subjects within the Union are profiled
Recital 25Applicable to processors due to international law
Recital 26Not applicable to anonymous data
Recital 27Not applicable to data of deceased persons
Recital 28Introduction of pseudonymisation
Recital 29Pseudonymisation at the same controller
Recital 30Online identifiers for profiling and identification
Recital 31Not applicable to public authorities in connection with their official tasks
Recital 32Conditions for consent
Recital 33Consent to certain areas of scientific research
Recital 34Genetic data
Recital 35Health data
Recital 36Determination of the main establishment
Recital 37Enterprise group
Recital 38Special protection of children’s personal data
Recital 39Principles of data processing
Recital 40Lawfulness of data processing
Recital 41Legal basis or legislative measures
Recital 42Burden of proof and requirements for consent
Recital 43Freely given consent
Recital 44Performance of a contract
Recital 45Fulfillment of legal obligations
Recital 46Vital interests of the data subject
Recital 47Overriding legitimate interest
Recital 48Overriding legitimate interest within group of undertakings
Recital 49Network and information security as overriding legitimate interest
Recital 50Further processing of personal data
Recital 51Protecting sensitive personal data
Recital 52Exceptions to the prohibition on processing special categories of personal data
Recital 53Processing of sensitive data in health and social sector
Recital 54Processing of sensitive data in public health sector
Recital 55Public interest in processing by official authorities for objectives of recognized religious communities
Recital 56Processing personal data on people’s political opinions by parties
Recital 57Additional data for identification purposes
Recital 58The principle of transparency
Recital 59Procedures for the exercise of the rights of the data subjects
Recital 60Information obligation
Recital 61Time of information
Recital 62Exceptions to the obligation to provide information
Recital 63Right of access
Recital 64Identity verification
Recital 65Right of rectification and erasure
Recital 66Right to be forgotten
Recital 67Restriction of processing
Recital 68Right of data portability
Recital 69Right to object
Recital 70Right to object to direct marketing
Recital 71Profiling
Recital 72Guidance of the European Data Protection Board regarding profiling
Recital 73Restrictions of rights and principles
Recital 74Responsibility and liability of the controller
Recital 75Risks to the rights and freedoms of natural persons
Recital 76Risk assessment
Recital 77Risk assessment guidelines
Recital 78Appropriate technical and organisational measures
Recital 79Allocation of the responsibilities
Recital 80Designation of a representative
Recital 81The use of processors
Recital 82Record of processing activities
Recital 83Security of processing
Recital 84Risk evaluation and impact assessment
Recital 85Notification obligation of breaches to the supervisory authority
Recital 86Notification of data subjects in case of data breaches
Recital 87Promptness of reporting / notification
Recital 88Format and procedures of the notification
Recital 89Elimination of the general reporting requirement
Recital 90Data protection impact assessement
Recital 91Necessity of a data protection impact assessment
Recital 92Broader data protection impact assessment
Recital 93Data protection impact assessment at authorities
Recital 94Consultation of the supervisory authority
Recital 95Support by the processor
Recital 96Consultation of the supervisory authority in the course of a legislative process
Recital 97Data protection officer
Recital 98Preparation of codes of conduct by organisations and associations
Recital 99Consultation of stakeholders and data subjects in the development of codes of conduct
Recital 100Certification
Recital 101General principles for international data transfers
Recital 102International agreements for an appropriate level of data protection
Recital 103Appropriate level of data protection based on an adequacy decision
Recital 104Criteria for an adequacy decision
Recital 105Consideration of international agreements for an adequacy decision
Recital 106Monitoring and periodic review of the level of data protection
Recital 107Amendment, revocation and suspension of adequacy decisions
Recital 108Appropriate safeguards
Recital 109Standard data protection clauses
Recital 110Binding corporate rules
Recital 111Exceptions for certain cases of international transfers
Recital 112Data transfers due to important reasons of public interest
Recital 113Transfers qualified as not repetitive and that only concern a limited number of data subjects
Recital 114Safeguarding of enforceability of rights and obligations in the absence of an adequacy decision
Recital 115Rules in third countries contrary to the Regulation
Recital 116Cooperation among supervisory authorities
Recital 117Establishment of supervisory authorities
Recital 118Monitoring of the supervisory authorities
Recital 119Organisation of several supervisory authorities of a Member State
Recital 120Features of supervisory authorities
Recital 121Independence of the supervisory authorities
Recital 122Responsibility of the supervisory authorities
Recital 123Cooperation of the supervisory authorities with each other and with the Commission
Recital 124Lead authority regarding processing in several Member States
Recital 125Competences of the lead authority
Recital 126Joint decisions
Recital 127Information of the supervisory authority regarding local processing
Recital 128Responsibility regarding processing in the public interest
Recital 129Tasks and powers of the supervisory authorities
Recital 130Consideration of the authority with which the complaint has been lodged
Recital 131Attempt of an amicable settlement
Recital 132Awareness-raising activities and specific measures
Recital 133Mutual assistance and provisional measures
Recital 134Participation in joint operations
Recital 135Consistency mechanism
Recital 136Binding decisions and opinions of the Board
Recital 137Provisional measures
Recital 138Urgency procedure
Recital 139European Data Protection Board
Recital 140Secretariat and staff of the Board
Recital 141Right to lodge a complaint
Recital 142The right of data subjects to mandate a not-for-profit body, organisation or association
Recital 143Judicial remedies
Recital 144Related proceedings
Recital 145Choice of venue
Recital 146Indemnity
Recital 147Jurisdiction
Recital 148Penalties
Recital 149Penalties for infringements of national rules
Recital 150Administrative fines
Recital 151Administrative fines in Denmark and Estonia
Recital 152Power of sanction of the Member States
Recital 153Processing of personal data solely for journalistic purposes or for the purposes of academic, artistic or literary expression
Recital 154Principle of public access to official documents
Recital 155Processing in the employment context
Recital 156Processing for archiving, scientific or historical research or statistical purposes
Recital 157Information from registries and scientific research
Recital 158Processing for archiving purposes
Recital 159Processing for scientific research purposes
Recital 160Processing for historical research purposes
Recital 161Consenting to the participation in clinical trials
Recital 162Processing for statistical purposes
Recital 163Production of European and national statistics
Recital 164Professional or other equivalent secrecy obligations
Recital 165No prejudice of the status of churches and religious associations
Recital 166Delegated acts of the Commission
Recital 167Implementing powers of the Commission
Recital 168Implementing acts on standard contractual clauses
Recital 169Immediately applicable implementing acts
Recital 170Principle of subsidiarity and principle of proportionality
Recital 171Repeal of Directive 95/46/EC and transitional provisions
Recital 172Consultation of the European Data Protection Supervisor
Recital 173Relationship to Directive 2002/58/EC

Need help with GDPR Compliance?
Contact VeraSafe’s Data Protection Experts Today

VeraSafe can help assess your compliance, and operationalize your GDPR compliance, including:

  • Data Mapping / Discovery
  • Gap Analysis
  • Privacy Policies