A recital is part of the preamble to the GDPR — it explains the reasoning and intent behind the enacting articles. Recitals are not binding in themselves but are used to interpret the Regulation.
It should be ascertained whether all appropriate technological protection and organisational measures have been implemented to establish immediately whether a personal data breach has taken place and to inform promptly the supervisory authority and the data subject. 2 The fact that the notification was made without undue delay should be established taking into account in particular the nature and gravity of the personal data breach and its consequences and adverse effects for the data subject. 3 Such notification may result in an intervention of the supervisory authority in accordance with its tasks and powers laid down in this Regulation.
* This title is an unofficial description.
Recital 86
Recital 88
All recitals
Report error
Source: Regulation (EU) 2016/679 (OJ L 119, 4.5.2016, p. 1), preamble. Official text reproduced from EUR-Lex — © European Union.
Looking for the binding rules? Browse the 99 GDPR articles — the recitals explain the intent behind them.
Need to apply the GDPR in practice?
Our data-protection lawyers turn the text into a plan.