Article 4 of the GDPR defines a recipient as "the natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular enquiry in accordance with Union law or the law of a Member State shall not be regarded as recipients; the processing of such data by the public authorities in question shall comply with the applicable data protection rules in the light of the purposes of the processing".
In other words, the term recipients refers to all entities that will have access to the data other than the public authorities (authorised third parties such as the data protection authorities, the criminal investigation police or the tax authorities, for example).
These are the internal departments of the data controller (the HR department for example), sub-contractors, joint data controllers, other data controllers (commercial partners for example).