Digital Policy Alert logo

Saudi Arabia: Entry into force of Implementing Regulation of the Personal Data Protection Law including cybersecurity regulation

Policy overview

Description

Entry into force of Implementing Regulation of the Personal Data Protection Law including cybersecurity regulation

On 14 September 2024, the Implementing Regulation of the Personal Data Protection Law (PDPL) became effective alongside the PDPL itself. It stipulates that data controllers must implement comprehensive security measures to safeguard personal data and privacy. In the event of a data breach, the controller is obliged to notify the authority within 72 hours, providing a detailed account of the incident and the corrective measures that have been or will be taken. Furthermore, data controllers are required to notify affected data subjects if a breach may cause damage to their data or conflict with their rights or interests.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2023-07-11
in consultation

On 11 July 2023, the Authority for Data and Artificial Intelligence published the draft Implementin…

2023-07-31
processing consultation

On 31 July 2023, the Authority for Data and Artificial Intelligence closed the public consultation …

2023-09-07
adopted

On 7 September 2023, the final version of the Implementing Regulation of the Personal Data Protecti…

2024-09-14
in force

On 14 September 2024, the Implementing Regulation of the Personal Data Protection Law (PDPL) became…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.