Skip survey header

DP Assessment Tool - High Risk Processing Activities

Schedule 1, Article 3 of DPL 2020 defines High Risk Processing (HRP). Please use this tool to understand whether in accordance with DIFC DP Law 2020 your business undertakes any HRP operations.  If it does, you are required under Article 16 of the DPL 2020 to appoint a Data Protection Officer, and you have additional accountability requirements such as conducting Annual Assessments (Articles 19(1) and (2)) or carrying out data protection impact assessments (DPIA) prior to undertaking HRP (Article 20(1)).  Please review the DP Law 2020 and the HRP Guidance for further information.

Please note that assessment tool / guidance is for informational purposes only and should not be construed as legal advice provided by the Commissioner’s Office.
1. Are we adopting a new or different technology or method of Processing?
Does the new technology or method create a materially increased risk to the security or rights of a Data Subject or render it more difficult for a Data Subject to exercise his rights?
Will a considerable amount of Personal Data be Processed?
Is such Processing likely to result in a high risk to the Data Subject?
Will the Processing will involve a systematic and extensive evaluation of personal aspects relating to natural persons?
Is the Processing automated?
Will the Processing influence decisions which could have legal implications or similarly significantly affect the person?
Will a material amount of Special Categories of Personal Data be Processed?