

Personal Data Protection Law
Saudi Arabia
2021
Privacy
Overview
Saudi Arabia's Personal Data Protection Law (PDPL) was enacted by Royal Decree M/19 in 2021 and came into force in March 2022. It establishes a national framework for regulating the collection, processing, storage, and transfer of personal data. The law is overseen by the Saudi Data and Artificial Intelligence Authority (SDAIA), with full enforcement scheduled from September 2024.

The law applies to banks, telecommunication providers, e-commerce platforms, government entities, and other public and private organizations processing personal data in or targeting Saudi Arabia. It introduces obligations related to consent, purpose limitation, data subject rights, and data transfer restrictions.
Key Obligations
- Obtain explicit consent before collecting or processing personal data
- Use personal data only for clearly defined and legitimate purposes
- Grant individuals rights to access, correct, delete, and object to the use of their data
- Restrict cross-border data transfers, which are generally prohibited unless specific exemptions apply
- Conduct impact assessments for high-risk processing activities
- Implement security measures to protect personal data from loss, misuse, or unauthorized access
- Notify SDAIA and affected individuals in the event of a data breach