The General Data Protection Regulation (GDPR) is the EU law that protects the privacy and data rights of individuals. GDPR includes a series of recitals that provide context, justification, and interpretation for the various provisions within the regulation. Recitals cover a wide range of topics related to data protection and are not legally binding, but they can be used as a reference by courts and authorities when resolving any ambiguity or dispute over the GDPR.
The recitals of the GDPR are the explanatory notes that accompany the articles of the General Data Protection Regulation (GDPR). There are 173 recitals in the GDPR, covering various topics such as the principles, rights, obligations, and enforcement of data protection. Below is the list of 173 recitals:
1. Data Protection as a Fundamental Right
2. Respect of the Fundamental Rights and Freedoms
3. Directive 95/46/EC Harmonisation
4. Data Protection in Balance with Other Fundamental
Rights
5. Cooperation Between Member States to Exchange Personal
Data
6. Ensuring a High Level of Data Protection Despite the
Increased Exchange of Data
7. The Framework is Based on Control and Certainty
8. Adoption into National Law
9. Different Standards of Protection by the Directive
95/46/EC
10. Harmonised Level of Data Protection Despite National
Scope
11. Harmonisation of the Powers and Sanctions
12. Authorization of the European Parliament and the
Council
13. Taking Account of Micro, Small and Medium-Sized
Enterprises
14. Not Applicable to Legal Persons
15. Technology Neutrality
16. Not Applicable to Activities Regarding National and
Common Security
17. Adaptation of Regulation (EC) No 45/2001
18. Not Applicable to Personal or Household Activities
19. Not Applicable to Criminal Prosecution
20. Respecting the Independence of the Judiciary
21. Liability Rules of Intermediary Service Providers
Shall Remain Unaffected
22. Processing by an Establishment
23. Applicable to Controllers/Processors Not Established
in the Union if Data Subjects Within the Union are Targeted
24. Applicable to Controllers/Processors Not Established
in the Union if Data Subjects Within the Union are Profiled
25. Applicable to Controllers Due to International Law
26. Not Applicable to Anonymous Data
27. Not Applicable to Data of Deceased Persons
28. Introduction of Pseudonymisation
29. Pseudonymisation at the Same Controller
30. Online Identifiers for Profiling and Identification
31. Not Applicable to Public Authorities in Connection
with Their Official Tasks
32. Conditions for Consent
33. Consent to Certain Areas of Scientific Research
34. Genetic Data
35. Health Data
36. Determination of the Main Establishment
37. Group of undertakings
38. Special Protection of Children's Personal Data
39. Principles of Data Processing
40. Lawfulness of Data Processing
41. Legal Basis or Legislative Measures
42. Burden of Proof and Requirements for Consent
43. Freely Given Consent
44. Performance of a Contract
45. Fulfillment of Legal Obligations
46. Vital Interests of the Data Subject
47. Overriding Legitimate Interest
48. Overriding Legitimate Interest Within Group of
Undertakings
49. Network and Information Security as Overriding
Legitimate Interest
50. Further Processing of Personal Data
51. Protecting Sensitive Personal Data
52. Exceptions to the Prohibition on Processing Special
Categories of Personal Data
53. Processing of Sensitive Data in Health and Social
Sector
54. Processing of Sensitive Data in Public Health Sector
55. Public Interest in Processing by Official Authorities
for Objectives of Recognized Religious Communities
56. Processing Personal Data on People's Political
Opinions by Parties
57. Additional Data for Identification Purposes
58. The Principle of Transparency
59. Procedures for the Exercise of the Rights of the Data
Subjects
60. Information Obligation
61. Time of Information
62. Exceptions to the Obligation to Provide Information
63. Right of Access
64. Identity Verification
65. Right of Rectification and Erasure
66. Right to be Forgotten
67. Restriction of Processing
68. Right of Data Portability
69. Right to Object
70. Right to Object to Direct Marketing
71. Profiling
72. Guidance of the European Data Protection Board
Regarding Profiling
73. Restrictions of Rights and Principles
74. Responsibility and Liability of the Controller
75. Risks to the Rights and Freedoms of Natural Persons
76. Risk Assessment
77. Risk Assessment Guidelines
78. Appropriate Technical and Organisational Measures
79. Allocation of the Responsibilities
80. Designation of a Representative
81. The Use of Processors
82. Record of Processing Activities
83. Security of Processing
84. Risk Evaluation and Impact Assessment
85. Notification Obligation of Breaches to the
Supervisory Authority
86. Notification of Data Subjects in Case of Data
Breaches
87. Promptness of Reporting / Notification
88. Format and Procedures of the Notification
89. Elimination of the General Reporting Requirement
90. Data Protection Impact Assessement
91. Necessity of a Data Protection Impact Assessment
92. Broader Data Protection Impact Assessment
93. Data Protection Impact Assessment at Authorities
94. Consultation of the Supervisory Authority
95. Support by the Processor
96. Consultation of the Supervisory Authority in the
Course of a Legislative Process
97. Data Protection Officer
98. Preparation of Codes of Conduct by Organisations and
Associations
99. Consultation of Stakeholders and Data Subjects in the
Development of Codes of Conduct
100. Certification
101. General Principles for International Data Transfers
102. International Agreements for an Appropriate Level of
Data Protection
103. Appropriate Level of Data Protection Based on an
Adequacy Decision
104. Criteria for an Adequacy Decision
105. Consideration of International Agreements for an
Adequacy Decision
106. Monitoring and Periodic Review of the Level of Data
Protection
107. Amendment, Revocation and Suspension of Adequacy
Decisions
108. Appropriate Safeguards
109. Standard Data Protection Clauses
110. Binding Corporate Rules
111. Exceptions for Certain Cases of International
Transfers
112. Data Transfers due to Important Reasons of Public
Interest
113. Transfers Qualified as Not Repetitive and that Only
Concern a Limited Number of Data Subjects
114. Safeguarding of Enforceability of Rights and
Obligations in the Absence of an Adequacy Decision
115. Rules in Third Countries Contrary to the Regulation
116. Cooperation Among Supervisory Authorities
117. Establishment of Supervisory Authorities
118. Monitoring of the Supervisory Authorities
119. Organisation of Several Supervisory Authorities of a
Member State
120. Features of Supervisory Authorities
121. Independence of the Supervisory Authorities
122. Responsibility of the Supervisory Authorities
123. Cooperation of the Supervisory Authorities with Each
Other and with the Commission
124. Lead Authority Regarding Processing in Several
Member States
125. Competences of the Lead Authority
126. Joint Decisions
127. Information of the Supervisory Authority Regarding
Local Processing
128. Responsibility Regarding Processing in the Public
Interest
129. Tasks and Powers of the Supervisory Authorities
130. Consideration of the Authority with which the
Complaint has been Lodged
131. Attempt of an Amicable Settlement
132. Awareness-Raising Activities and Specific Measures
133. Mutual Assistance and Provisional Measures
134. Participation in Joint Operations
135. Consistency Mechanism
136. Binding Decisions and Opinions of the Board
137. Provisional Measures
138. Urgency Procedure
139. European Data Protection Board
140. Secretariat and Staff of the Board
141. Right to Lodge a Complaint
142. The Right of Data Subjects to Mandate a
Not-For-Profit Body, Organisation or Association
143. Judicial Remedies
144. Related Proceedings
145. Choice of Venue
146. Indemnity
147. Jurisdiction
148. Penalties
149. Penalties for Infringements of National Rules
150. Administrative Fines
151. Administrative Fines in Denmark and Estonia
152. Power of Sanction of the Member States
153. Processing of Personal Data Solely for Journalistic
Purposes or for the Purposes of Academic, Artistic or Literary Expression
154. Principle of Public Access to Official Documents
155. Processing in the Employment Context
156. Processing for Archiving, Scientific or Historical
Research or Statistical Purposes
157. Information from Registries and Scientific Research
158. Processing for Archiving Purposes
159. Processing for Scientific Research Purposes
160. Processing for Historical Research Purposes
161. Consenting to the Participation in Clinical Trials
162. Processing for Statistical Purposes
163. Production of European and National Statistics
164. Professional or Other Equivalent Secrecy Obligations
165. No Prejudice of the Status of Churches and Religious
Associations
166. Delegated Acts of the Commission
167. Implementing Powers of the Commission
168. Implementing Acts on Standard Contractual Clauses
169. Immediately Applicable Implementing Acts
170. Principle of Subsidiarity and Principle of
Proportionality
171. Repeal of Directive 95/46/EC and Transitional
Provisions
172. Consultation of the European Data Protection
Supervisor
173. Relationship to Directive 2002/58/EC
No comments:
Post a Comment