Tools & Templates

Data Protection Assessment Tools

The Data Protection Assessment Tools on this page are designed to help companies of all sizes and in any sector to understand the various parts of the DP Law 2020 through easy, simple questions and answers that lead them to guidance responses for next steps. Rather than providing the answers straightaway, these assessments raise the important, key concepts to think about when determining whether an element of the DP Law 2020 should be implemented, to what degree, and what other gaps might need to be reviewed. They help DIFC companies (or any others that want to use them) mitigate risks, both to their processing operations that enable business, but also to the data subjects whose personal information forms the basis of their operations. 

Please note that these assessment tools are not meant to express an opinion on lawfulness of specific business activities, the outcomes provided do not have the force of law, and they are not intended to constitute legal advice. Please contact legal counsel for assistance in determining your business's data protection and privacy requirements in respect of the topics addressed below, to ensure compliance with the applicable laws and regulations. The Commissioner does not make any warranty or assume any legal liability for the accuracy or completeness of the information herein as it may apply to the particular circumstances of an individual or a firm.  


The following Assessment Tools can also be found on the Guidance page at this link


Applicability (Article 6)
Conduct assessment
Notifications of Processing Operations (Article 14(7))
conduct assessment
High Risk Processing (Article 16)
conduct assessment
Data Protection Officers (Articles 16 to 19)
conduct assessment
Data Protection Impact Assessments (Article 20)
Conduct Assessment
Controller and Processor Obligations (Articles 23 to 25)
Conduct Assessment
Data Export / International Transfers (Articles 26 & 27)
conduct assessment
EDMRI+ Due Diligence Assessment (Articles 26 & 27)
Conduct Assessment
Government Data Sharing (Article 28)
conduct assessment
Privacy Notices (Articles 29 & 30)
Conduct Assessment
Rights Request Responses (Article 32 to 40)
Conduct Assessment
Personal Data Breach Reporting (Articles 41 & 42)
Conduct Assessment
Marketing & Electronic Communications
Conduct Assessment


Data Protection Templates

These templates may assist in ensuring accountability for processing activities and compliance with DP Law 2020. These templates are provided only for guidance and format purposes. Provision / content of these templates is not to be construed as legal advice.

Legal consultants or other duly designated persons acting for the entity may revise, add or remove anything in these templates as appropriate, and the entity remains responsible for its own compliance with DP Law 2020 when using them as a basis for their own purposes.


Templates can also be accessed on the Accountability page at this link


Sample Government Data Sharing MOU (Article 28 - written assurances)


Sample Government Data Sharing Policy (Article 28)

Sample Online DP Notice aka Privacy Policy (Articles 29 / 30)

Sample Internal Privacy Policy (Article 14)

Sample Compliance Checklist and DPIA (Part 2D and Article 20)

Sample Record of Processing Activities (ROPA) (Article 15)

Sample DPO Job Description (Articles 16 to 18)

Sample DPO Annual Assessment Risk Matrix CSV (Article 19)

For better web experience, please use the website in portrait mode