Data privacy compliance in Saudi Arabia now enforced

published on 6 December 2024 | reading time approx. 2 minutes

As of 14 September 2024, the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL) is now in full effect. Businesses processing the personal data of Saudi residents must ensure immediate compliance to avoid potential legal and reputational risks.

The Saudi Data and AI Authority (SDAIA) has issued guidelines to help entities navigate their obligations. However, it is important to note that GDPR compliance is not sufficient. While GDPR and the PDPL share similarities, there are critical differences requiring Saudi-specific adjustments. Organizations must move beyond administrative requirements to establish a comprehensive privacy framework and culture of data protection.

We recommend that businesses prioritize the following steps:

Review your data processing activities to ensure compliance with the PDPL
Update or create privacy documentation, including policies, notices, data processing agreements, and compliance programs
Assess whether a Data Protection Officer (DPO) is required and appoint one promptly if necessary
Determine if registration as a Controller is required and complete the process if applicable
Deliver employee training on privacy and personal data handling or refresh existing programs

Compliance with PDPL is now mandatory, and failure to act may result in significant consequences.

Good to know

How Saudi Arabia’s new laws are set to redefine product safety 10.12.2024

Data privacy compliance in Saudi Arabia now enforced 6.12.2024

Saudi Arabia’s new commercial registration and trade name laws 15.10.2024

Saudi Arabia's new extensive Labor Law: A progressive approach towards Vision 2030 16.9.2024

All articles »

Contact

Contact Person Picture

Bandar Shanneik, LL.M. (Amsterdam)

Manager

+971 4295 0020

Send inquiry

How we can help

Rödl & Partner in Saudi Arabia