GDPR Recitals

Recital 148Penalties

All 173 Recitals Regulation (EU) 2016/679

A recital is part of the preamble to the GDPR — it explains the reasoning and intent behind the enacting articles. Recitals are not binding in themselves but are used to interpret the Regulation.

In order to strengthen the enforcement of the rules of this Regulation, penalties including administrative fines should be imposed for any infringement of this Regulation, in addition to, or instead of appropriate measures imposed by the supervisory authority pursuant to this Regulation. 2 In a case of a minor infringement or if the fine likely to be imposed would constitute a disproportionate burden to a natural person, a reprimand may be issued instead of a fine. 3 Due regard should however be given to the nature, gravity and duration of the infringement, the intentional character of the infringement, actions taken to mitigate the damage suffered, degree of responsibility or any relevant previous infringements, the manner in which the infringement became known to the supervisory authority, compliance with measures ordered against the controller or processor, adherence to a code of conduct and any other aggravating or mitigating factor. 4 The imposition of penalties including administrative fines should be subject to appropriate procedural safeguards in accordance with the general principles of Union law and the Charter, including effective judicial protection and due process.

* This title is an unofficial description.

Recital 147

Recital 149

All recitals

Report error

Source: Regulation (EU) 2016/679 (OJ L 119, 4.5.2016, p. 1), preamble. Official text reproduced from EUR-Lex — © European Union.

Looking for the binding rules? Browse the 99 GDPR articles — the recitals explain the intent behind them.

Need to apply the GDPR in practice?

Our data-protection lawyers turn the text into a plan.

Talk to a lawyer