Recital 1 : Data protection as a fundamental right
Recital 2 : Respect of the fundamental rights and freedoms
Recital 3 : Directive 95/46/EC harmonisation
Recital 4 : Data protection in balance with other fundamental rights
Recital 5 : Cooperation between Member States to exchange personal data
Recital 6 : Ensuring a high level of data protection despite the increased exchange of data
Recital 7 : The framework is based on control and certainty
Recital 8 : Adoption into national law
Recital 9 : Different standards of protection by the Directive 95/46/EC
Recital 10 : Harmonised level of data protection despite national scope
Recital 11 : Harmonisation of the powers and sanctions
Recital 12 : Authorization of the European Parliament and the Council
Recital 13 : Taking account of micro, small and medium-sized enterprises
Recital 14 : Not applicable to legal persons
Recital 15 : Technology neutrality
Recital 16 : Not applicable to activities regarding national and common security
Recital 17 : Adaptation of Regulation (EC) No 45/2001
Recital 18 : Not applicable to personal or household activities
Recital 19 : Not applicable to criminal prosecution
Recital 20 : Respecting the independence of the judiciary
Recital 21 : Liability rules of intermediary service providers shall remain unaffected
Recital 22 : Processing by an establishment
Recital 23 : Applicable to processors not established in the Union if data subjects within the Union are targeted
Recital 24 : Applicable to processors not established in the Union if data subjects within the Union are profiled
Recital 25 : Applicable to processors due to international law
Recital 26 : Not applicable to anonymous data
Recital 27 : Not applicable to data of deceased persons
Recital 28 : Introduction of pseudonymisation
Recital 29 : Pseudonymisation at the same controller
Recital 30 : Online identifiers for profiling and identification
Recital 31 : Not applicable to public authorities in connection with their official tasks
Recital 32 : Conditions for consent
Recital 33 : Consent to certain areas of scientific research
Recital 34 : Genetic data
Recital 35 : Health data
Recital 36 : Determination of the main establishment
Recital 37 : Enterprise group
Recital 38 : Special protection of children’s personal data
Recital 39 : Principles of data processing
Recital 40 : Lawfulness of data processing
Recital 41 : Legal basis or legislative measures
Recital 42 : Burden of proof and requirements for consent
Recital 43 : Freely given consent
Recital 44 : Performance of a contract
Recital 45 : Fulfillment of legal obligations
Recital 46 : Vital interests of the data subject
Recital 47 : Overriding legitimate interest
Recital 48 : Overriding legitimate interest within group of undertakings
Recital 49 : Network and information security as overriding legitimate interest
Recital 50 : Further processing of personal data
Recital 51 : Protecting sensitive personal data
Recital 52 : Exceptions to the prohibition on processing special categories of personal data
Recital 53 : Processing of sensitive data in health and social sector
Recital 54 : Processing of sensitive data in public health sector
Recital 55 : Public interest in processing by official authorities for objectives of recognized religious communities
Recital 56 : Processing personal data on people’s political opinions by parties
Recital 57 : Additional data for identification purposes
Recital 58 : The principle of transparency
Recital 59 : Procedures for the exercise of the rights of the data subjects
Recital 60 : Information obligation
Recital 61 : Time of information
Recital 62 : Exceptions to the obligation to provide information
Recital 64 : Right of access
Recital 63 : Identity verification
Recital 65 : Right of rectification and erasure
Recital 66 : Right to be forgotten
Recital 67 : Restriction of processing
Recital 68 : Right of data portability
Recital 69 : Right to object
Recital 70 : Right to object to direct marketing
Recital 71 : Profiling
Recital 72 : Guidance of the European Data Protection Board regarding profiling
Recital 73 : Restrictions of rights and principles
Recital 74 : Responsibility and liability of the controller
Recital 75 : Risks to the rights and freedoms of natural persons
Recital 76 : Risk assessment
Recital 77 : Risk assessment guidelines
Recital 78 : Appropriate technical and organisational measures
Recital 79 : Allocation of the responsibilities
Recital 80 : Designation of a representative
Recital 81 : The use of processors
Recital 82 : Record of processing activities
Recital 83 : Security of processing
Recital 84 : Risk evaluation and impact assessment
Recital 85 : Notification obligation of breaches to the supervisory authority
Recital 86 : Notification of data subjects in case of data breaches
Recital 87 : Promptness of reporting / notification
Recital 88 : Format and procedures of the notification
Recital 89 : Elimination of the general reporting requirement
Recital 90 : Data protection impact assessement
Recital 91: Necessity of a data protection impact assessment
Recital 92: Broader data protection impact assessment
Recital 93: Data protection impact assessment at authorities
Recital 94: Consultation of the supervisory authority
Recital 95: Support by the processor
Recital 96: Consultation of the supervisory authority in the course of a legislative process
Recital 97: Data protection officer
Recital 98: Preparation of codes of conduct by organisations and associations
Recital 99: Consultation of stakeholders and data subjects in the development of codes of conduct
Recital 100: Certification
Recital 101: General principles for international data transfers
Recital 102: International agreements for an appropriate level of data protection
Recital 103: Appropriate level of data protection based on an adequacy decision
Recital 104: Criteria for an adequacy decision
Recital 105: Consideration of international agreements for an adequacy decision
Recital 106: Monitoring and periodic review of the level of data protection
Recital 107: Amendment, revocation and suspension of adequacy decisions
Recital 108: Appropriate safeguards
Recital 109: Standard data protection clauses
Recital 110: Binding corporate rules
Recital 111: Exceptions for certain cases of international transfers
Recital 112: Data transfers due to important reasons of public interest
Recital 113: Transfers qualified as not repetitive and that only concern a limited number of data subjects
Recital 114: Safeguarding of enforceability of rights and obligations in the absence of an adequacy decision
Recital 115: Rules in third countries contrary to the Regulation
Recital 116: Cooperation among supervisory authorities
Recital 117: Establishment of supervisory authorities
Recital 118: Monitoring of the supervisory authorities
Recital 119: Organisation of several supervisory authorities of a Member State
Recital 120: Features of supervisory authorities
Recital 121: Independence of the supervisory authorities
Recital 122: Responsibility of the supervisory authorities
Recital 123: Cooperation of the supervisory authorities with each other and with the Commission
Recital 124: Lead authority bregarding processing in several Member States
Recital 125: Competences of the lead authority
Recital 126: Joint decisions
Recital 127: Information of the supervisory authority regarding local processing
Recital 128: Responsibility regarding processing in the public interest
Recital 129: Tasks and powers of the supervisory authorities
Recital 130: Consideration of the authority with which the complaint has been lodged
Recital 131: Attempt of an amicable settlement
Recital 132: Awareness-raising activities and specific measures
Recital 133: Mutual assistance and provisional measures
Recital 134: Participation in joint operations
Recital 135: Consistency mechanism
Recital 136: Binding decisions and opinions of the Board
Recital 137: Provisional measures
Recital 138: Urgency procedure
Recital 139: European Data Protection Board
Recital 140: Secretariat and staff of the Board
Recital 141: Right to lodge a complaint
Recital 142: The right of data subjects to mandate a not-for-profit body, organisation or association
Recital 143: Judicial remedies
Recital 144: Related proceedings
Recital 145: Choice of venue
Recital 146: Indemnity
Recital 147: Jurisdiction
Recital 148: Penalties
Recital 149: Penalties for infringements of national rules
Recital 150: Administrative fines
Recital 151: Administrative fines in Denmark and Estonia
Recital 152: Power of sanction of the Member States
Recital 153: Processing of personal data solely for journalistic purposes or for the purposes of academic, artistic or literary expression
Recital 154: Principle of public access to official documents
Recital 155: Processing in the employment context
Recital 156: Processing for archiving, scientific or historical research or statistical purposes
Recital 157: Information from registries and scientific research
Recital 158: Processing for archiving purposes
Recital 159: Processing for scientific research purposes
Recital 160: Processing for historical research purposes
Recital 161: Consenting to the participation in clinical trials
Recital 162: Processing for statistical purposes
Recital 163: Production of European and national statistics
Recital 164: Professional or other equivalent secrecy obligations
Recital 165: No prejudice of the status of churches and religious associations
Recital 166: Delegated acts of the Commission
Recital 167: Implementing powers of the Commission
Recital 168: Implementing acts on standard contractual clauses
Recital 169: Immediately applicable implementing acts
Recital 170 : Principle of subsidiarity and principle of proportionality
Recital 171: Repeal of Directive 95/46/EC and transitional provisions
Recital 172: Consultation of the European Data Protection Supervisor
Recital 173: Relationship to Directive 2002/58/EC