GDPR Chapter 1: General provisions, including material scope, territorial scope and definitions

The first chapter of the EU GDPR covers general provisions of the General Data Protection Regulation, including subject-matter and objectives, material scope, territorial scope and definitions of GDPR terms. GDPR Chapter 1 contains articles 1, 2, 3, and 4 of the GDPR or Regulation (EU) 2016/679.

The GDPR definitions include the definition of personal data under the GDPR, the meaning of data processing in the scope of the GDPR, the GDPR definition of the controller, the processor, consent, personal data breach, the definition of various types of sensitive data such as genetic data and biometric data and the definition of techniques such as pseudonymization, topics we tackled in ‘GDPR data protection: the data subject, personal data and identifiers explained‘.

Other definitions in GDPR Chapter 1 (Article 4) of the General Data Protection Regulation text pertain to the restriction of processing, profiling, a filing system, a recipient, a third party, data concerning health, the main establishment, the representative, the supervisory authority and cross-border processing, to name a few.

GDPR text chapter 1 - general provisions material scope territorial scope and GDPR definitions - rticles 1, 2, 3 and 4 of Regulation (EU) 2016/679 (General Data Protection Regulation), with the GDPR subject-matter and objectives, the GDPR’s material scope, the territorial scope and GDPR definitions of key terms such as personal data, processing, profiling, pseudonymisation, controller, processor, controller, consent and personal data breach

The general provisions of GDPR Chapter 1 in a nutshell (with links to the Articles and relevant Recitals)

Article 1: Subject-matter and objectives

Article 1 of GDPR text Chapter 1 states what the General Data Protection regulation is and specifies the fundamental rights with regards to personal data protection and the free movement of personal data.

Recitals worth checking out with Article 1:

Article 2: Material scope

The second article of GDPR Chapter 1 is more important as the material scope is about the application of the GDPR regarding what it exactly covers: the processing of personal data indeed.

Article 2 lays out the foundation of the types of personal data it applies to and the types/conditions of personal data processing when it isn’t applicable. Finally, Article 2 also stipulates some consequences for and relationships with existing EU legislation. Of course we also need to know what kind of organizations that process personal data are concerned – more below in the relevant Recitals.

Recitals worth checking out in the context of the material scope:

Article 3: Territorial scope

With Article 3 of GDPR Chapter 1 we are at one of the most fundamental changes of the General Data Protection Regulation and the extra-territorial applicability.

The territorial scope paragraphs in Article 3 introduce the famous rule that it doesn’t matter where personal data processing of people in the European Union happens. In other words: it applies to any organization, within the limitations mentioned in Article 2 and a whole range of other Articles detailing the territorial scope, that processes personal data of so-called data subjects who are in the EU, regardless of where that processor is, in the EU, outside of the EU, on Mars (we think ahead).

In its second paragraph, Article 3 specifies 2 processing activities this territorial scope applies to: the offering of goods and services and behavioral monitoring.

Relevant Recitals for the territorial scope and application

Article 4: Definitions

Last but not least, the introduction of the GDPR which Chapter 1 in a way is (leaving aside the fact that there are 173 Recitals before Chapter 1 which are essential to understand the scope and details of the GDPR, explaining why we point you to some of them); offers a range of definitions in Article 4.

These definitions concern terms that are used throughout the rest of the Regulation. A list of the defined terms in Article 4: personal data, processing, restriction of processing, profiling, pseudonymisation, filing system, controller, processor, recipient, third party, consent, personal data breach, genetic data, biometric data, data concerning health, main establishment, representative, enterprise, group of undertakings, binding corporate rules, supervisory authority, supervisory authority concerned, cross-border processing, relevant and reasoned objection, information society service and international organisation.

Of course defining alone isn’t enough but as definitions matter do check out Article 4. There are several Articles in the next Chapters of the GDPR, starting with Chapter 2. Moreover, as Article 4 defines quite some terms, there are also quite some Recitals associated with it.

So, also take a look at some of the earlier mentioned Recitals and at:

And then, onward to Chapter 2 where it’s all about processing principles, lawful processing, consent and even more consent.

Top image: Shutterstock – Copyright: Carlos Amarillo. Although the content of this article is thoroughly checked we are not liable for potential mistakes and advice you to seek assistance in preparing for GDPR.