Saudi Arabia Finalised PDPL Regulations published in Official Gazette

Allen & Overy LLP

Allen & Overy LLP

On 7 September 2023, the Saudi Data & Artificial Intelligence Authority (SDAIA) published the (i) Implementing Regulations of the Personal Data Protection Law (PDPL) and (ii) Regulation on Personal Data Transfer outside the Geographical Boundaries of the Kingdom (Transfer Regulations).

The PDPL represents a comprehensive data protection law, adopting many familiar concepts and rules from the GDPR, including:

  • the concept of lawful grounds for processing

  • data subject rights

  • requirements for the appointment and control of processors

  • rules relating to data minimisation and data quality

  • data protection impact assessments

  • security requirements and data breach notification

  • specific rules on processing health data and credit data, and Government-IDs

  • specific rules on direct marketing and advertising

  • organisational requirements (such as a requirement to appoint a DPO, maintain records of processing, etc.)

The Transfer Regulations cover international transfers of personal data, incorporating the concepts of adequacy, appropriate safeguards and transfer risk assessment, and exemptions where transfers are permitted.

The regulations are available here and here (in Arabic), and the English version here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Allen & Overy LLP | Attorney Advertising

Written by:

Allen & Overy LLP

Allen & Overy LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide