Publication
Data Protection in Saudi Arabia: An Overview of the New Rules for Appointing Data Protection Officers (DPOs)
In line with the rapid global developments in data protection and privacy regulations, Saudi Arabia has introduced a comprehensive framework through its Personal Data Protection Law (“PDPL”; Saudi Arabia Cabinet Decision No. 98/1443; Saudi Arabia Royal Decree No. M19/1443 on the Approval of the Personal Data Protection Law and Saudi Arabia Cabinet Decision No. 604/1444 on the Approval of the Amendments to the Personal Data Protection Law). Following the publication of the Implementing Regulations of the PDPL (Saudi Arabia Administrative Decision No. 1516/1445), the Saudi Data & AI Authority (“SDAIA”) has now issued specific rules for appointing Data Protection Officers (“DPO”) under Article 30 (2) of the PDPL (the “Rules”). These Rules are aimed at enhancing personal data protection and ensuring compliance with local and international standards. This article provides an in-depth overview of these Rules, including their purpose, scope, and the critical requirements for appointing a DPO in Saudi Arabia.
You can access our legal briefing on the following link: