Recital 60 – Information obligation
Recital 60 Information obligation The principles of fair and transparent processing require that the data subject be informed of the existence of the processing operation and its purposes. The…
Author: Ben Wolford
Recital 61 – Time of information
Recital 61 Time of information The information in relation to the processing of personal data relating to the data subject should be given to him or her at the…
Recital 42 – Burden of proof and requirements for consent
Recital 42 Burden of proof and requirements for consent Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject…
Recital 43 – Freely given consent
Recital 43 Freely given consent In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in…
Recital 44 – Performance of a contract
Recital 44Performance of a contract Processing should be lawful where it is necessary in the context of a contract or the intention to enter into a contract.
Recital 45 – Fulfillment of legal obligations
Recital 45 Fulfillment of legal obligations Where processing is carried out in accordance with a legal obligation to which the controller is subject or where processing is necessary for…
Recital 46 – Vital interests of the data subject
Recital 46 Vital interests of the data subject The processing of personal data should also be regarded to be lawful where it is necessary to protect an interest which…
Recital 47 – Overriding legitimate interest
Recital 47 Overriding legitimate interest The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party,…
Recital 48 – Overriding legitimate interest within group of undertakings
Recital 48 Overriding legitimate interest within group of undertakings Controllers that are part of a group of undertakings or institutions affiliated to a central body may have a legitimate…
Recital 49 – Network and information security as overriding legitimate interest
Recital 49 Network and information security as overriding legitimate interest The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and…
Recital 50 – Further processing of personal data
Recital 50 Further processing of personal data The processing of personal data for purposes other than those for which the personal data were initially collected should be allowed only…
Recital 51 – Protecting sensitive personal data
Recital 51 Protecting sensitive personal data Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of…
Recital 28 – Introduction of pseudonymisation
Recital 28 Introduction of pseudonymisation The application of pseudonymisation to personal data can reduce the risks to the data subjects concerned and help controllers and processors to meet their…
Recital 29 – Pseudonymisation at the same controller
Recital 29 Pseudonymisation at the same controller In order to create incentives to apply pseudonymisation when processing personal data, measures of pseudonymisation should, whilst allowing general analysis, be possible…
Recital 30 – Online identifiers for profiling and identification
Recital 30 Online identifiers for profiling and identification Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses,…
Recital 31 – Not applicable to public authorities in connection with their official tasks
Recital 31 Not applicable to public authorities in connection with their official tasks Public authorities to which personal data are disclosed in accordance with a legal obligation for the…
Recital 32 – Conditions for consent
Recital 32 Conditions for consent Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to…
Recital 33 – Consent to certain areas of scientific research
Recital 33 Consent to certain areas of scientific research It is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the…
Recital 34 – Genetic data
Recital 34Genetic data Genetic data should be defined as personal data relating to the inherited or acquired genetic characteristics of a natural person which result from the analysis of…
Recital 35 – Health data
Recital 35 Health data Personal data concerning health should include all data pertaining to the health status of a data subject which reveal information relating to the past, current…
Recital 36 – Determination of the main establishment
Recital 36 Determination of the main establishment The main establishment of a controller in the Union should be the place of its central administration in the Union, unless the…
Recital 37 – Enterprise group
Recital 37 Enterprise group A group of undertakings should cover a controlling undertaking and its controlled undertakings, whereby the controlling undertaking should be the undertaking which can exert a…
Recital 38 – Special protection of children’s personal data
Recital 38 Special protection of children’s personal data Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and…
Recital 39 – Principles of data processing
Recital 39 Principles of data processing Any processing of personal data should be lawful and fair. It should be transparent to natural persons that personal data concerning them are…
Recital 40 – Lawfulness of data processing
Recital 40Lawfulness of data processing In order for processing to be lawful, personal data should be processed on the basis of the consent of the data subject concerned or…
