DP Assessment Tool - High Risk Processing Activities

Schedule 1, Article 3 of DPL 2020 defines High Risk Processing (HRP). Please use this tool to understand whether in accordance with DIFC DP Law 2020 your business undertakes any HRP operations. If it does, you are required under Article 16 of the DPL 2020 to appoint a Data Protection Officer, and you have additional accountability requirements such as conducting Annual Assessments (Articles 19(1) and (2)) or carrying out data protection impact assessments (DPIA) prior to undertaking HRP (Article 20(1)). Please review the DP Law 2020 and the HRP Guidance for further information.

Please note that assessment tool / guidance is for informational purposes only and should not be construed as legal advice provided by the Commissioner’s Office.

Personal data, if any, that is collected as a result of completing this assessment will be handled in accordance with the DIFC Online Data Protection Policy.

1. Are we adopting a new or different technology or method of processing that creates a materially increased risk to the security or rights of a Data Subject or renders it more difficult for a Data Subject to exercise his rights?

Will a considerable amount of Personal Data be Processed (including staff and contractor Personal Data) where such Processing is likely to result in a high risk to the Data Subject, including due to the sensitivity of the Personal Data or risks relating to the security, integrity or privacy of the Personal Data ?

Will the Processing will involve a systematic and extensive evaluation of personal aspects relating to natural persons, based on automated Processing, including Profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person?

Will a material amount of Special Categories of Personal Data be Processed?