The goal of the DIFC Commissioner of Data Protection (the "Commissioner") in producing this guidance is to assist organisations subject to the DIFC Data Protection Law, Law No. 5 of 2020 (the "DPL") and the Data Protection Regulations issued pursuant to the DPL (the "Regulations") to evaluate whether their data processing activities are "High Risk Processing Activities" for the purposes of the DPL.
There are consequences under the DPL for Controllers and Processors that undertake High Risk Processing Activities. In order to comply with the DPL organisations must understand whether or not they carry out High Risk Processing Activities.
The guidance is issued by the Commissioner pursuant to Article 46(3)(h)(iii) of the DPL. In accordance with Schedule 1, Section 2(g) of the DPL, guidance issued under the DPL is indicative and non-binding.
This guidance is based on the DPL and the Regulations (collectively, "Legislation") as at 1 July, 2020 and remains current unless and until updated, withdrawn or replaced. Please visit www.difc.ae to read the full text of the Legislation.
This ...