Recital 1 | – | Data protection as a fundamental right |
Recital 2 | – | Respect of the fundamental rights and freedoms |
Recital 3 | – | Directive 95/46/EC harmonisation |
Recital 4 | – | Data protection in balance with other fundamental rights |
Recital 5 | – | Cooperation between Member States to exchange personal data |
Recital 6 | – | Ensuring a high level of data protection despite the increased exchange of data |
Recital 7 | – | The framework is based on control and certainty |
Recital 8 | – | Adoption into national law |
Recital 9 | – | Different standards of protection by the Directive 95/46/EC |
Recital 10 | – | Harmonised level of data protection despite national scope |
Recital 11 | – | Harmonisation of the powers and sanctions |
Recital 12 | – | Authorization of the European Parliament and the Council |
Recital 13 | – | Taking account of micro, small and medium-sized enterprises |
Recital 14 | – | Not applicable to legal persons |
Recital 15 | – | Technology neutrality |
Recital 16 | – | Not applicable to activities regarding national and common security |
Recital 17 | – | Adaptation of Regulation (EC) No 45/2001 |
Recital 18 | – | Not applicable to personal or household activities |
Recital 19 | – | Not applicable to criminal prosecution |
Recital 20 | – | Respecting the independence of the judiciary |
Recital 21 | – | Liability rules of intermediary service providers shall remain unaffected |
Recital 22 | – | Processing by an establishment |
Recital 23 | – | Applicable to processors not established in the Union if data subjects within the Union are targeted |
Recital 24 | – | Applicable to processors not established in the Union if data subjects within the Union are profiled |
Recital 25 | – | Applicable to processors due to international law |
Recital 26 | – | Not applicable to anonymous data |
Recital 27 | – | Not applicable to data of deceased persons |
Recital 28 | – | Introduction of pseudonymisation |
Recital 29 | – | Pseudonymisation at the same controller |
Recital 30 | – | Online identifiers for profiling and identification |
Recital 31 | – | Not applicable to public authorities in connection with their official tasks |
Recital 32 | – | Conditions for consent |
Recital 33 | – | Consent to certain areas of scientific research |
Recital 34 | – | Genetic data |
Recital 35 | – | Health data |
Recital 36 | – | Determination of the main establishment |
Recital 37 | – | Enterprise group |
Recital 38 | – | Special protection of children’s personal data |
Recital 39 | – | Principles of data processing |
Recital 40 | – | Lawfulness of data processing |
Recital 41 | – | Legal basis or legislative measures |
Recital 42 | – | Burden of proof and requirements for consent |
Recital 43 | – | Freely given consent |
Recital 44 | – | Performance of a contract |
Recital 45 | – | Fulfillment of legal obligations |
Recital 46 | – | Vital interests of the data subject |
Recital 47 | – | Overriding legitimate interest |
Recital 48 | – | Overriding legitimate interest within group of undertakings |
Recital 49 | – | Network and information security as overriding legitimate interest |
Recital 50 | – | Further processing of personal data |
Recital 51 | – | Protecting sensitive personal data |
Recital 52 | – | Exceptions to the prohibition on processing special categories of personal data |
Recital 53 | – | Processing of sensitive data in health and social sector |
Recital 54 | – | Processing of sensitive data in public health sector |
Recital 55 | – | Public interest in processing by official authorities for objectives of recognized religious communities |
Recital 56 | – | Processing personal data on people’s political opinions by parties |
Recital 57 | – | Additional data for identification purposes |
Recital 58 | – | The principle of transparency |
Recital 59 | – | Procedures for the exercise of the rights of the data subjects |
Recital 60 | – | Information obligation |
Recital 61 | – | Time of information |
Recital 62 | – | Exceptions to the obligation to provide information |
Recital 63 | – | Right of access |
Recital 64 | – | Identity verification |
Recital 65 | – | Right of rectification and erasure |
Recital 66 | – | Right to be forgotten |
Recital 67 | – | Restriction of processing |
Recital 68 | – | Right of data portability |
Recital 69 | – | Right to object |
Recital 70 | – | Right to object to direct marketing |
Recital 71 | – | Profiling |
Recital 72 | – | Guidance of the European Data Protection Board regarding profiling |
Recital 73 | – | Restrictions of rights and principles |
Recital 74 | – | Responsibility and liability of the controller |
Recital 75 | – | Risks to the rights and freedoms of natural persons |
Recital 76 | – | Risk assessment |
Recital 77 | – | Risk assessment guidelines |
Recital 78 | – | Appropriate technical and organisational measures |
Recital 79 | – | Allocation of the responsibilities |
Recital 80 | – | Designation of a representative |
Recital 81 | – | The use of processors |
Recital 82 | – | Record of processing activities |
Recital 83 | – | Security of processing |
Recital 84 | – | Risk evaluation and impact assessment |
Recital 85 | – | Notification obligation of breaches to the supervisory authority |
Recital 86 | – | Notification of data subjects in case of data breaches |
Recital 87 | – | Promptness of reporting / notification |
Recital 88 | – | Format and procedures of the notification |
Recital 89 | – | Elimination of the general reporting requirement |
Recital 90 | – | Data protection impact assessement |
Recital 91 | – | Necessity of a data protection impact assessment |
Recital 92 | – | Broader data protection impact assessment |
Recital 93 | – | Data protection impact assessment at authorities |
Recital 94 | – | Consultation of the supervisory authority |
Recital 95 | – | Support by the processor |
Recital 96 | – | Consultation of the supervisory authority in the course of a legislative process |
Recital 97 | – | Data protection officer |
Recital 98 | – | Preparation of codes of conduct by organisations and associations |
Recital 99 | – | Consultation of stakeholders and data subjects in the development of codes of conduct |
Recital 100 | – | Certification |
Recital 101 | – | General principles for international data transfers |
Recital 102 | – | International agreements for an appropriate level of data protection |
Recital 103 | – | Appropriate level of data protection based on an adequacy decision |
Recital 104 | – | Criteria for an adequacy decision |
Recital 105 | – | Consideration of international agreements for an adequacy decision |
Recital 106 | – | Monitoring and periodic review of the level of data protection |
Recital 107 | – | Amendment, revocation and suspension of adequacy decisions |
Recital 108 | – | Appropriate safeguards |
Recital 109 | – | Standard data protection clauses |
Recital 110 | – | Binding corporate rules |
Recital 111 | – | Exceptions for certain cases of international transfers |
Recital 112 | – | Data transfers due to important reasons of public interest |
Recital 113 | – | Transfers qualified as not repetitive and that only concern a limited number of data subjects |
Recital 114 | – | Safeguarding of enforceability of rights and obligations in the absence of an adequacy decision |
Recital 115 | – | Rules in third countries contrary to the Regulation |
Recital 116 | – | Cooperation among supervisory authorities |
Recital 117 | – | Establishment of supervisory authorities |
Recital 118 | – | Monitoring of the supervisory authorities |
Recital 119 | – | Organisation of several supervisory authorities of a Member State |
Recital 120 | – | Features of supervisory authorities |
Recital 121 | – | Independence of the supervisory authorities |
Recital 122 | – | Responsibility of the supervisory authorities |
Recital 123 | – | Cooperation of the supervisory authorities with each other and with the Commission |
Recital 124 | – | Lead authority regarding processing in several Member States |
Recital 125 | – | Competences of the lead authority |
Recital 126 | – | Joint decisions |
Recital 127 | – | Information of the supervisory authority regarding local processing |
Recital 128 | – | Responsibility regarding processing in the public interest |
Recital 129 | – | Tasks and powers of the supervisory authorities |
Recital 130 | – | Consideration of the authority with which the complaint has been lodged |
Recital 131 | – | Attempt of an amicable settlement |
Recital 132 | – | Awareness-raising activities and specific measures |
Recital 133 | – | Mutual assistance and provisional measures |
Recital 134 | – | Participation in joint operations |
Recital 135 | – | Consistency mechanism |
Recital 136 | – | Binding decisions and opinions of the Board |
Recital 137 | – | Provisional measures |
Recital 138 | – | Urgency procedure |
Recital 139 | – | European Data Protection Board |
Recital 140 | – | Secretariat and staff of the Board |
Recital 141 | – | Right to lodge a complaint |
Recital 142 | – | The right of data subjects to mandate a not-for-profit body, organisation or association |
Recital 143 | – | Judicial remedies |
Recital 144 | – | Related proceedings |
Recital 145 | – | Choice of venue |
Recital 146 | – | Indemnity |
Recital 147 | – | Jurisdiction |
Recital 148 | – | Penalties |
Recital 149 | – | Penalties for infringements of national rules |
Recital 150 | – | Administrative fines |
Recital 151 | – | Administrative fines in Denmark and Estonia |
Recital 152 | – | Power of sanction of the Member States |
Recital 153 | – | Processing of personal data solely for journalistic purposes or for the purposes of academic, artistic or literary expression |
Recital 154 | – | Principle of public access to official documents |
Recital 155 | – | Processing in the employment context |
Recital 156 | – | Processing for archiving, scientific or historical research or statistical purposes |
Recital 157 | – | Information from registries and scientific research |
Recital 158 | – | Processing for archiving purposes |
Recital 159 | – | Processing for scientific research purposes |
Recital 160 | – | Processing for historical research purposes |
Recital 161 | – | Consenting to the participation in clinical trials |
Recital 162 | – | Processing for statistical purposes |
Recital 163 | – | Production of European and national statistics |
Recital 164 | – | Professional or other equivalent secrecy obligations |
Recital 165 | – | No prejudice of the status of churches and religious associations |
Recital 166 | – | Delegated acts of the Commission |
Recital 167 | – | Implementing powers of the Commission |
Recital 168 | – | Implementing acts on standard contractual clauses |
Recital 169 | – | Immediately applicable implementing acts |
Recital 170 | – | Principle of subsidiarity and principle of proportionality |
Recital 171 | – | Repeal of Directive 95/46/EC and transitional provisions |
Recital 172 | – | Consultation of the European Data Protection Supervisor |
Recital 173 | – | Relationship to Directive 2002/58/EC |