Compare with different regulatory event:

Description

Implemented Personal Data Protection Law

The Personal Data Protection Law comes into effect on 17 March 2023 after its initial implementation in March 2022 was postponed. The Law aims to ensure that the processing of personal data relating to an individual satisfies certain mandatory requirements to ensure the data owner's right to privacy. The Law introduces obligations for data controllers concerning data breaches and privacy impact assessment and a mandatory registration to the Data Controller registry. The law prohibits cross-border personal data transfers with some exceptions and guarantees to data owners the rights to information, rectification, access and destruction regarding their personal data.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2021-09-14
adopted

The Personal Data Protection Law is adopted by the Council of Minister of Saudi Arabia. It introduc…

2021-09-16
in grace period

The Personal Data Protection Law enters into force following the approval by the Saudi King. It int…

2022-03-22
adopted

On 22 March 2022, the Saudi Arabian Data & AI Authority stated on Twitter that the implementation P…

2023-03-17
in force

The Personal Data Protection Law comes into effect on 17 March 2023 after its initial implementatio…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Private organisation
Economic activity cross-cutting
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data: identity: data collection
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: identity: transfer (any destination)
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: identity: data processing
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: identity: transfer: cross-border
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator approval requirement
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
consumer data: location: transfer (any destination)
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
consumer data: location: data processing
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
consumer data: location: transfer: cross-border
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator approval requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: financial or credit information: data collection
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: financial or credit information: transfer (any destination)
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: financial or credit information: data processing
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: financial or credit information: transfer: cross-border
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator approval requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: ethnicity: data collection
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: ethnicity: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: ethnicity: data processing
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: ethnicity: transfer: cross-border
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
User right to withdraw consent
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator approval requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: religious beliefs: data collection
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: religious beliefs: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: religious beliefs: data processing
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: religious beliefs: transfer (any destination)
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: genetic: data collection
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: genetic: transfer (any destination)
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: genetic: data processing
Regulatory tool
Risk or other impact assessment requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: genetic: transfer: cross-border
Regulatory tool
Risk or other impact assessment requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator approval requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: health: data collection
Regulatory tool
Risk or other impact assessment requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: health: transfer (any destination)
Regulatory tool
Risk or other impact assessment requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: health: data processing
Regulatory tool
Risk or other impact assessment requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: health: transfer: cross-border
Regulatory tool
Risk or other impact assessment requirement
User right to rectification of personal data
User consent: Other requirement
User right to deletion of personal data
User consent: Permit user opt-out
Preventive security requirement
User right to restriction of personal data processing
Responsive security requirement
Recordkeeping requirement
Registration requirement
Obligation to make customer data available to government agencies
Purpose/processing limitation
Duty to appoint compliance officer
User notification requirement
Local representation requirement
User consent: Opt-in requirement
Regulator approval requirement
Technical standard adherence
Regulator cooperation requirements
User right to access personal data
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: information that is publicly available: data collection
Regulatory tool
Risk or other impact assessment requirement
Recordkeeping requirement
Registration requirement
Obligation to make customer data available to government agencies
Duty to appoint compliance officer
Local representation requirement
User consent: Opt-in requirement
Regulator cooperation requirements
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: identity: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Recordkeeping requirement
Registration requirement
Obligation to make customer data available to government agencies
Duty to appoint compliance officer
Local representation requirement
Regulator cooperation requirements
Sanctions
Prison sentence
Fine
Regulated subjects
1
consumer data: location: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Recordkeeping requirement
Registration requirement
Obligation to make customer data available to government agencies
Duty to appoint compliance officer
Local representation requirement
Regulator cooperation requirements
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: financial or credit information: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Recordkeeping requirement
Registration requirement
Obligation to make customer data available to government agencies
Duty to appoint compliance officer
Local representation requirement
Regulator cooperation requirements
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: genetic: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Recordkeeping requirement
Registration requirement
Obligation to make customer data available to government agencies
Duty to appoint compliance officer
Local representation requirement
Regulator cooperation requirements
Sanctions
Prison sentence
Fine
Regulated subjects
1
personal data: health: storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Recordkeeping requirement
Registration requirement
Obligation to make customer data available to government agencies
Duty to appoint compliance officer
Local representation requirement
Regulator cooperation requirements
Sanctions
Prison sentence
Fine
Regulated subjects
1

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data: identity: data collection

personal data: identity: transfer (any destination)

personal data: identity: data processing

personal data: identity: transfer: cross-border

consumer data: location: transfer (any destination)

consumer data: location: data processing

consumer data: location: transfer: cross-border

personal data: financial or credit information: data collection

personal data: financial or credit information: transfer (any destination)

personal data: financial or credit information: data processing

personal data: financial or credit information: transfer: cross-border

personal data: ethnicity: data collection

personal data: ethnicity: storage (any form)

personal data: ethnicity: data processing

personal data: ethnicity: transfer: cross-border

personal data: religious beliefs: data collection

personal data: religious beliefs: storage (any form)

personal data: religious beliefs: data processing

personal data: religious beliefs: transfer (any destination)

personal data: genetic: data collection

personal data: genetic: transfer (any destination)

personal data: genetic: data processing

personal data: genetic: transfer: cross-border

personal data: health: data collection

personal data: health: transfer (any destination)

personal data: health: data processing

personal data: health: transfer: cross-border

personal data: information that is publicly available: data collection

personal data: identity: storage (any form)

consumer data: location: storage (any form)

personal data: financial or credit information: storage (any form)

personal data: genetic: storage (any form)

personal data: health: storage (any form)