Data Protection: High Risk Processing Activities

Overview

This Practice Note will provide an overview of how an organisation can adopt a framework to identify high risk processing activities and how it can be aware of what its obligations are in minimising risks that these activities pose to a data subject.

Definitions

  • ADGM: Abu Dhabi Global Market.

  • Data subject: An identified or identifiable living natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of the processing of personal data.

  • Commissioner of Data Protection: The person appointed by the Board to be the Head of the Office of Data Protection.

  • Court: Any of the courts established pursuant to article 10 of Abu Dhabi Law No. 4/2013 On the Global Marketplace Abu Dhabi.

  • DPO: Data protection officer