With the implementation of the new Personal Data Protection Law (PDPL) in Saudi Arabia, companies must navigate a stringent regulatory framework designed to safeguard personal data. At Tejoury, we are committed to helping businesses achieve full compliance with this new regulation, ensuring the privacy and security of personal information.
The PDPL, enacted by Royal Decree M/19 on September 16, 2021, and published in the Official Gazette on September 24, 2021, aims to protect personal data, regulate data sharing, and prevent misuse. This law aligns with Saudi Arabia’s Vision 2030, which focuses on developing a robust digital infrastructure and fostering a digital economy.
Scope and Coverage:?The PDPL applies to any processing of personal data performed within Saudi Arabia by businesses or public entities, including the processing of data of Saudi residents by entities located outside the Kingdom. The law covers various types of personal data, including names, identification numbers, contact information, and photographs.
- Data Subject Rights:?Individuals have the right to be informed about personal data processing, access their data, request corrections or updates, and request data destruction if it is no longer needed.
- Controller Registration:?Organizations collecting personal data must register on an electronic portal, forming a national record of controllers. An annual fee is required for registration.
- Controller Obligations:?Controllers must ensure the accuracy, completeness, and relevancy of personal data before processing. They are also required to maintain processing records and ensure staff are trained in data protection principles.
- Consent:?Data subjects can withdraw consent for data processing at any time. Consent should not be a pre-requisite for offering services unless directly related to the processing activity.
- Non-Consent-Based Processing:?Data processing without consent is allowed in certain circumstances, such as clear benefits to the data subject, legal requirements, or security and judicial purposes.
- Privacy Policy:?Controllers must implement a privacy policy and make it available to data subjects before collecting personal data.
- Impact Assessments:?Controllers must evaluate the impact of personal data processing and cease collection if the data is no longer needed.
- Marketing:?Personal data cannot be used for marketing without the consent of the recipient.
- Breach Notification:?Data breaches must be notified to the supervisory authority immediately, and data subjects must be informed if there is material harm.
At Tejoury, we offer comprehensive solutions to ensure your business complies with the PDPL. Our services include:
- Gap Analysis:?We review and identify core operational processes, pinpointing touchpoints that require or hold personal data. This analysis helps rectify processes to comply with PDPL requirements.
- Compliance Audit:?Our experts assess your organization’s compliance with the PDPL through a holistic risk-based approach, ensuring key compliance risks are mitigated with robust controls.
- Data Flow Management:?Effective management of data flow is crucial for maintaining data integrity and compliance. We provide solutions to streamline data flow management, ensuring data accuracy and security.
- Digital and Physical Document Management:?Managing both digital and physical documents accurately is essential for compliance. Tejoury offers services in sorting and securely destroying documents, reducing the risk of data breaches and ensuring compliance with PDPL.
The PDPL took effect on March 23, 2022, with a transitional period of up to 18 months for full enforcement. This period is crucial for businesses to align their operations with the new law. At Tejoury, we are ready to support you through this transition, ensuring your business not only complies with the PDPL but also thrives in the new regulatory environment.
For more info: Tejoury.com
Tejoury: Your Partner in Data Protection Compliance
Warehouse & Logistics Supervisor
9 个月Good point!