Saudi Arabia: Published SDAIA Personal Data Destruction, Anonymisation, and Pseudonymisation Guideline

On 3 September 2024, the Saudi Data and Artificial Intelligence Authority (SDAIA) published the Personal Data Destruction, Anonymisation, and Pseudonymisation Guideline. In particular, the Guideline provides a framework intended to help entities comply with the data destruction, anonymisation, and pseudonymisation requirements in the Saudi Personal Data Protection Law and its Implementing Regulations. The Guideline outlines procedures and best practices for data destruction, ensuring data is permanently deleted and irretrievable; anonymisation, making data unidentifiable; and pseudonymisation, which replaces identifiable data with codes.