9. Requirements for Processing Sensitive Personal Data*
9.1 Due to the nature of Sensitive Personal Data and its vulnerability to be misused, Section 3 of the Data Protection Regulations prohibits the processing of Sensitive Personal Data unless certain criteria are satisfied, including but not limited to:
a) Additional written consent to the processing of this kind of Personal Data has been obtained from the Data Subject;
b) Processing is necessary for the purposes of carrying out the obligations and specific rights of the Data Controller; or
c) Processing is necessary to protect the vital interests of the Data Subject or of another person where the Data Subject is physically or legally incapable of giving his/her consent.
9.2 Please refer to the Data Protection Regulations for the full list of criteria.
* Section 3 of the ADGM Data Protection Regulations 2015