Saudi Arabia: Adopted Rules Governing the National Register of Controllers Processing Personal Data

On 1 September 2024, the Saudi Data & AI Authority (SDAIA) adopted the Rules Governing the National Register of Controllers Processing Personal Data. This order mandates the registration of controllers which are public entities, whose main activity is processing personal data, who process sensitive data, and individuals who process personal data for purposes exceeding personal and family use. The order details the registration process, the assessment of the necessity of appointing Personal Data Protection Officers, and the services provided on the National Data Governance Platform. This measure aims to enhance the monitoring and compliance of controllers with the law and regulations, thereby strengthening the protection of personal data within the Kingdom.