Considering the following reasons the articles of the GDPR have been adopted. These are the latest and final recitals of April 27th 2016.

(1) Processing of personal data solely for journalistic purposes or for the purposes of academic, artistic or literary expression
(2) Delegated acts of the Commission
(3) Consent to certain areas of scientific research
(4) Taking account of micro, small and medium-sized enterprise
(5) Not applicable to legal persons
(6) Technology neutrality
(7) Not applicable to activities regarding national and common security
(8) Adaptation of Regulation (EC) No 45/2001
(9) Not applicable to personal or household activities
(10) Not applicable to criminal prosecution
(11) Respecting the independence of the judiciary
(12) Processing by an establishment
(13) Applicable to processors not established in the Union if data subjects within the Union are targeted
(14) Applicable to processors not established in the Union if data subjects within the Union are profiled
(15) Applicable to processors due to international law
(16) Not applicable to anonymous data
(17) Not applicable to data of deceased persons
(18) Introduction of pseudonymisation
(19) Pseudonymisation at the same controller
(20) Online identifiers for profiling and identification
(21) Not applicable to public authorities in connection with their official tasks
(22) Conditions for consent
(23) Identity verification
(24) Right of rectification and erasure
(25) Health data
(26) Determination of the main establishment
(27) Enterprise group
(28) Special protection of children’s personal data
(29) Principles of data processing
(30) Lawfulness of data processing
(31) Legal basis or legislative measures
(32) Burden of proof and requirements for consent
(33) Freely given consent
(34) Vital interests of the data subject
(35) Overriding legitimate interest
(36) Overriding legitimate interest within group of undertakings
(37) Network and information security as overriding legitimate interest
(38) Further processing of personal data
(39) Protecting sensitive personal data
(40) Exceptions to the prohibition on processing special categories of personal data
(41) Processing of sensitive data in health and social sector
(42) Processing of sensitive data in public health sector
(43) Public interest in processing by official authorities for objectives of recognized religious communities
(44) Processing personal data on people’s political opinions by parties
(45) Additional data for identification purposes
(46) The principle of transparency
(47) Procedures for the exercise of the rights of the data subjects
(48) Information obligation
(49) Time of information
(50) Exceptions to the obligation to provide information
(51) Right of access
(52) Right to be forgotten
(53) Restriction of processing
(54) Right of data portability
(55) Right to object
(56) Right to object to direct marketing
(57) Profiling
(58) Guidance of the European Data Protection Board regarding profiling
(59) Restrictions of rights and principles
(60) Responsibility and liability of the controller
(61) Risks to the rights and freedoms of natural persons
(62) Risk assessment
(63) Risk assessment guidelines
(64) Appropriate technical and organisational measures
(65) Allocation of the responsibilities
(66) Designation of a representative
(67) The use of processors
(68) Record of processing activities
(69) Security of processing
(70) Risk evaluation and impact assessment
(71) Notification obligation of breaches to the supervisory authority
(72) Notification of data subjects in case of data breaches
(73) Promptness of reporting / notification
(74) Format and procedures of the notification
(75) Elimination of the general reporting requirement
(76) Data protection impact assessment
(77) Necessity of a data protection impact assessment
(78) Broader data protection impact assessment
(79) Data protection impact assessment at authorities
(80) Consultation of the supervisory authority
(81) Support by the processor
(82) Consultation of the supervisory authority in the course of a legislative process
(83) Data protection officer
(84) Preparation of codes of conduct by organisations and associations
(85) Consultation of stakeholders and data subjects in the development of codes of conduct
(86) Certification
(87) General principles for international data transfers
(88) International agreements for an appropriate level of data protection
(89) Appropriate level of data protection based on an adequacy decision
(90) Criteria for an adequacy decision
(91) Consideration of international agreements for an adequacy decision
(92) Monitoring and periodic review of the level of data protection
(93) Amendment, revocation and suspension of adequacy decisions
(94) Appropriate safeguards
(95) Standard data protection clauses
(96) Binding corporate rules
(97) Exceptions for certain cases of international transfers
(98) Data transfers due to important reasons of public interest
(99) Transfers qualified as not repetitive and that only concern a limited number of data subjects
(100) Safeguarding of enforceability of rights and obligations in the absence of an adequacy decision
(101) Rules in third countries contrary to the Regulation
(102) Cooperation among supervisory authorities
(103) Establishment of supervisory authorities
(104) Monitoring of the supervisory authorities
(105) Organisation of several supervisory authorities of a Member State
(106) Features of supervisory authorities
(107) Independence of the supervisory authorities
(108) Responsibility of the supervisory authorities
(109) Cooperation of the supervisory authorities with each other and with the Commission
(110) Lead authority regarding processing in several Member States
(111) Competences of the lead authority
(112) Joint decision
(113) Information of the supervisory authority regarding local processing
(114) Responsibility regarding processing in the public interest
(115) Tasks and powers of the supervisory authorities
(116) Consideration of the authority with which the complaint has been lodged
(117) Attempt of an amicable settlement
(118) Awareness-raising activities and specific measures
(119) Mutual assistance and provisional measures
(120) Participation in joint operations
(121) Performance of a contract
(122) Fulfillment of legal obligations
(123) Genetic data
(124) Consistency mechanism
(125) Binding decisions and opinions of the Board
(126) Provisional measures
(127) Consultation of the European Data Protection Supervisor
(128) Relationship to Directive 2002/58/EC
(129) Urgency procedure
(130) Processing in the employment context
(131) European Data Protection Board
(132) Processing for archiving, scientific or historical research or statistical purposes
(133) Liability rules of intermediary service providers shall remain unaffected
(134) Secretariat and staff of the Board
(135) Information from registries and scientific research
(136) Right to lodge a complaint
(137) Processing for archiving purposes
(138) The right of data subjects to mandate a not-for-profit body, organisation or association
(139) Processing for scientific research purposes
(140) Judicial remedies
(141) Processing for historical research purposes
(142) Related proceedings
(143) Consenting to the participation in clinical trials
(144) Choice of venue
(145) Processing for statistical purposes
(146) Indemnity
(147) Production of European and national statistics
(148) Jurisdiction
(149) Professional or other equivalent secrecy obligation
(150) Penalties
(151) No prejudice of the status of churches and religious associations
(152) Penalties for infringements of national rules
(153) Administrative fines
(154) Implementing powers of the Commission
(155) Administrative fines in Denmark and Estonia
(156) Implementing acts on standard contractual clauses
(157) Power of sanction of the Member States
(158) Immediately applicable implementing acts
(159) Principle of subsidiarity and principle of proportionality
(160) Principle of public access to official documents
(161) Repeal of Directive 95/46/EC and transitional provisions
(162) Recital Data Protection as a Fundamental Right
(163) Recitals Respect of the Fundamental Rights and Freedoms
(164) Recital Directive 95/46/EC Harmonisation
(165) Recital Data Protection in Balance with Other Fundamental Rights
(166) Recital Cooperation Between Member States to Exchange Personal Data
(167) Recital Ensuring a High Level of Data Protection Despite the Increased Exchange of Data
(168) Recital The Framework is Based on Control and Certainty
(169) Recital Adoption into National Law
(170) Recital Different Standards of Protection by the Directive 95/46/EC
(171) Recital Harmonised Level of Data Protection Despite National Scope
(172) Recital Harmonisation of the Powers and Sanctions
(173) Recital Authorization of the European Parliament and the Council