A recital is part of the preamble to the GDPR — it explains the reasoning and intent behind the enacting articles. Recitals are not binding in themselves but are used to interpret the Regulation.
In order to create incentives to apply pseudonymisation when processing personal data, measures of pseudonymisation should, whilst allowing general analysis, be possible within the same controller when that controller has taken technical and organisational measures necessary to ensure, for the processing concerned, that this Regulation is implemented, and that additional information for attributing the personal data to a specific data subject is kept separately. 2 The controller processing the personal data should indicate the authorised persons within the same controller.
* This title is an unofficial description.
Recital 28
Recital 30
All recitals
Report error
Source: Regulation (EU) 2016/679 (OJ L 119, 4.5.2016, p. 1), preamble. Official text reproduced from EUR-Lex — © European Union.
Looking for the binding rules? Browse the 99 GDPR articles — the recitals explain the intent behind them.
Need to apply the GDPR in practice?
Our data-protection lawyers turn the text into a plan.