This law was officially established through Royal Decree No. M/19 on September 16, 2021, and its provisions came into force on March 23, 2022.
The Saudi Data and AI Authority (SDAIA) has been designated as the regulatory body tasked with ensuring the law’s effective implementation and adherence by all relevant parties.
The PDPL encompasses a wide range of personal data processing activities, which include the collection, recording, storage, modification, and eventual destruction of personal data.
Individuals are granted specific rights under this law, allowing them to access their personal information, request necessary corrections, and raise objections to data processing under certain circumstances.
Furthermore, organizations that handle personal data are obligated to maintain robust data security measures, secure consent from individuals, and promptly inform authorities in the event of any data breaches.
Additionally, the law includes stringent regulations regarding the handling of sensitive data, which encompasses categories such as health, genetic, and biometric information.