The Regulation

All 173 GDPR recitals, explained.

The GDPR opens with 173 recitals — the preamble that sets out the reasoning behind every article. They are the key to interpreting the Regulation. Here is the full text of each one.

Recitals 1–30

1Data Protection as a Fundamental Right2Respect of the Fundamental Rights and Freedoms3Directive 95/46/EC Harmonisation4Data Protection in Balance with Other Fundamental Rights5Cooperation Between Member States to Exchange Personal Data6Ensuring a High Level of Data Protection Despite the Increased Exchange of Data7The Framework is Based on Control and Certainty8Adoption into National Law9Different Standards of Protection by the Directive 95/46/EC10Harmonised Level of Data Protection Despite National Scope11Harmonisation of the Powers and Sanctions12Authorization of the European Parliament and the Council13Taking Account of Micro, Small and Medium-Sized Enterprises14Not Applicable to Legal Persons15Technology Neutrality16Not Applicable to Activities Regarding National and Common Security17Adaptation of Regulation (EC) No 45/200118Not Applicable to Personal or Household Activities19Not Applicable to Criminal Prosecution20Respecting the Independence of the Judiciary21Liability Rules of Intermediary Service Providers Shall Remain Unaffected22Processing by an Establishment23Applicable to Controllers/Processors Not Established in the Union if Data Subjects Within the Union are Targeted24Applicable to Controllers/Processors Not Established in the Union if Data Subjects Within the Union are Profiled25Applicable to Controllers Due to International Law26Not Applicable to Anonymous Data27Not Applicable to Data of Deceased Persons28Introduction of Pseudonymisation29Pseudonymisation at the Same Controller30Online Identifiers for Profiling and Identification

Recitals 31–60

Recitals 61–90

Recitals 91–120

91Necessity of a Data Protection Impact Assessment92Broader Data Protection Impact Assessment93Data Protection Impact Assessment at Authorities94Consultation of the Supervisory Authority95Support by the Processor96Consultation of the Supervisory Authority in the Course of a Legislative Process97Data Protection Officer98Preparation of Codes of Conduct by Organisations and Associations99Consultation of Stakeholders and Data Subjects in the Development of Codes of Conduct100Certification101General Principles for International Data Transfers102International Agreements for an Appropriate Level of Data Protection103Appropriate Level of Data Protection Based on an Adequacy Decision104Criteria for an Adequacy Decision105Consideration of International Agreements for an Adequacy Decision106Monitoring and Periodic Review of the Level of Data Protection107Amendment, Revocation and Suspension of Adequacy Decisions108Appropriate Safeguards109Standard Data Protection Clauses110Binding Corporate Rules111Exceptions for Certain Cases of International Transfers112Data Transfers due to Important Reasons of Public Interest113Transfers Qualified as Not Repetitive and that Only Concern a Limited Number of Data Subjects114Safeguarding of Enforceability of Rights and Obligations in the Absence of an Adequacy Decision115Rules in Third Countries Contrary to the Regulation116Cooperation Among Supervisory Authorities117Establishment of Supervisory Authorities118Monitoring of the Supervisory Authorities119Organisation of Several Supervisory Authorities of a Member State120Features of Supervisory Authorities

Recitals 121–150

Recitals 151–173

Recitals are part of the GDPR's preamble. They are not binding in their own right, but courts and regulators use them to interpret the binding articles. Official text reproduced from EUR-Lex — © European Union.

From intent to compliance

The recitals explain the "why". Our team helps you act on the "how" — audits, DPIAs, transfers and breach response.

Talk to a lawyer