A recital is part of the preamble to the GDPR — it explains the reasoning and intent behind the enacting articles. Recitals are not binding in themselves but are used to interpret the Regulation.
In order to enhance compliance with this Regulation where processing operations are likely to result in a high risk to the rights and freedoms of natural persons, the controller should be responsible for the carrying-out of a data protection impact assessment to evaluate, in particular, the origin, nature, particularity and severity of that risk. 2 The outcome of the assessment should be taken into account when determining the appropriate measures to be taken in order to demonstrate that the processing of personal data complies with this Regulation. 3 Where a data-protection impact assessment indicates that processing operations involve a high risk which the controller cannot mitigate by appropriate measures in terms of available technology and costs of implementation, a consultation of the supervisory authority should take place prior to the processing.
* This title is an unofficial description.
Recital 83
Recital 85
All recitals
Report error
Source: Regulation (EU) 2016/679 (OJ L 119, 4.5.2016, p. 1), preamble. Official text reproduced from EUR-Lex — © European Union.
Looking for the binding rules? Browse the 99 GDPR articles — the recitals explain the intent behind them.
Need to apply the GDPR in practice?
Our data-protection lawyers turn the text into a plan.