🇸🇦 Saudi Arabia Data Protection (PDPL)

Saudi Arabia's Personal Data Protection Law (PDPL) issued by SDAIA/NDMO — requirements, rights, and compliance obligations for organisations processing personal data in the Kingdom.

Ask GCC LexAI about Data Protection

Related Saudi Arabia Documents

analysisAI Law in Saudi Arabia — In-Depth Analysis (Latham & Watkins / Lexology)strategyNational Strategy for Data and AI 2020 (Saudi Arabia)guidanceSaudi Arabia Data Privacy Handbook 2023 (PwC)
View all Saudi Arabia documents →

Frequently Asked Questions

What is Saudi Arabia's PDPL?

The Personal Data Protection Law (PDPL) was issued by Royal Decree in September 2021 and is enforced by the National Data Management Office (NDMO) under SDAIA. It regulates collection, processing, and transfer of personal data.

When did the Saudi PDPL take effect?

The PDPL came into force in March 2022, with a transition period. Full enforcement and penalties began applying to organisations that failed to comply.

What are the main PDPL requirements for businesses?

Key requirements include obtaining explicit consent for data processing, appointing a Data Protection Officer, implementing technical and organisational security measures, notifying NDMO of data breaches, and restricting cross-border data transfers.

Other Saudi Arabia Topics

AI Strategy & SDAIAFintech RegulationsCybersecurity Regulations
AI-generated summaries only. This is not legal advice. · Saudi Arabia overview