A recital is part of the preamble to the GDPR — it explains the reasoning and intent behind the enacting articles. Recitals are not binding in themselves but are used to interpret the Regulation.
Where a data protection impact assessment indicates that the processing would, in the absence of safeguards, security measures and mechanisms to mitigate the risk, result in a high risk to the rights and freedoms of natural persons and the controller is of the opinion that the risk cannot be mitigated by reasonable means in terms of available technologies and costs of implementation, the supervisory authority should be consulted prior to the start of processing activities. 2 Such high risk is likely to result from certain types of processing and the extent and frequency of processing, which may result also in a realisation of damage or interference with the rights and freedoms of the natural person. 3 The supervisory authority should respond to the request for consultation within a specified period. 4 However, the absence of a reaction of the supervisory authority within that period should be without prejudice to any intervention of the supervisory authority in accordance with its tasks and powers laid down in this Regulation, including the power to prohibit processing operations. 5 As part of that consultation process, the outcome of a data protection impact assessment carried out with regard to the processing at issue may be submitted to the supervisory authority, in particular the measures envisaged to mitigate the risk to the rights and freedoms of natural persons.
* This title is an unofficial description.
Recital 93
Recital 95
All recitals
Report error
Source: Regulation (EU) 2016/679 (OJ L 119, 4.5.2016, p. 1), preamble. Official text reproduced from EUR-Lex — © European Union.
Looking for the binding rules? Browse the 99 GDPR articles — the recitals explain the intent behind them.
Need to apply the GDPR in practice?
Our data-protection lawyers turn the text into a plan.