GDPR Recitals

Recital 77Risk Assessment Guidelines

All 173 Recitals Regulation (EU) 2016/679

A recital is part of the preamble to the GDPR — it explains the reasoning and intent behind the enacting articles. Recitals are not binding in themselves but are used to interpret the Regulation.

Guidance on the implementation of appropriate measures and on the demonstration of compliance by the controller or the processor, especially as regards the identification of the risk related to the processing, their assessment in terms of origin, nature, likelihood and severity, and the identification of best practices to mitigate the risk, could be provided in particular by means of approved codes of conduct, approved certifications, guidelines provided by the Board or indications provided by a data protection officer. 2 The Board may also issue guidelines on processing operations that are considered to be unlikely to result in a high risk to the rights and freedoms of natural persons and indicate what measures may be sufficient in such cases to address such risk.

* This title is an unofficial description.

Recital 76

Recital 78

All recitals

Report error

Source: Regulation (EU) 2016/679 (OJ L 119, 4.5.2016, p. 1), preamble. Official text reproduced from EUR-Lex — © European Union.

Looking for the binding rules? Browse the 99 GDPR articles — the recitals explain the intent behind them.

Need to apply the GDPR in practice?

Our data-protection lawyers turn the text into a plan.

Talk to a lawyer