A recital is part of the preamble to the GDPR — it explains the reasoning and intent behind the enacting articles. Recitals are not binding in themselves but are used to interpret the Regulation.
The principles of data protection should apply to any information concerning an identified or identifiable natural person. 2 Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. 3 To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. 4 To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments. 5 The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. 6 This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.
* This title is an unofficial description.
Recital 25
Recital 27
All recitals
Report error
Source: Regulation (EU) 2016/679 (OJ L 119, 4.5.2016, p. 1), preamble. Official text reproduced from EUR-Lex — © European Union.
Looking for the binding rules? Browse the 99 GDPR articles — the recitals explain the intent behind them.
Need to apply the GDPR in practice?
Our data-protection lawyers turn the text into a plan.