GDPR Recitals

Recital 57Additional Data for Identification Purposes

All 173 Recitals Regulation (EU) 2016/679

A recital is part of the preamble to the GDPR — it explains the reasoning and intent behind the enacting articles. Recitals are not binding in themselves but are used to interpret the Regulation.

If the personal data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. 2 However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. 3 Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the data controller.

* This title is an unofficial description.

Recital 56

Recital 58

All recitals

Report error

Source: Regulation (EU) 2016/679 (OJ L 119, 4.5.2016, p. 1), preamble. Official text reproduced from EUR-Lex — © European Union.

Looking for the binding rules? Browse the 99 GDPR articles — the recitals explain the intent behind them.

Need to apply the GDPR in practice?

Our data-protection lawyers turn the text into a plan.

Talk to a lawyer