Show all guides
Middle East
Other

Saudi Arabia’s Personal Data Protection Law

Last update:
Apr 1, 2022

Saudi Arabia’s first data protection law (PDPL) will take effect on March 17, 2023. The aim of the PDPL is to ensure the privacy of personal data, regulate data sharing, and prevent the abuse of personal data. The PDPL covers data minimization, controller obligations, data subject rights, and penalties for breach of provisions. 

Scope:

The PDPL applies to any processing by businesses of personal data performed in the Kingdom of Saudi Arabia, including the processing of personal data of KSA residents by entities outside the Kingdom.

Enforcements

Although the PDPL will be effective from 23 March, I anticipate a transitional period of 12 – 18 months before it is fully enforceable nationally.

The supplementary regulations are expected to provide further clarification on the various aspects of the new law; with penalties for breaches of the PDPL reaching up to SAR5,000,000 (US$1,333,000) and in certain cases even imprisonment, they will be essential reading for employers.

The full guidelines can be found
here

Related Guides

India Data Protection Bill Remains Stalled, Receives Suggested Amendments

April 7, 2023

India introduced a revised comprehensive data protection bill, the DPDP, in late 2022, but parliament has yet to agree on its terms, leaving it far from getting a vote on the floor of Parliament.
India
Other

Minnesota Becomes 18th State to Pass Data Privacy Law

May 30, 2024

Minnesota passed a comprehensive bill before the end of the state legislative session, with the Governor signing it into law this week.
North America
Other
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only