Saudi Arabia’s Personal Data Protection Law — Tsaaro

0
1K

Personal Data Protection Law Saudi Arabia (KSA) was recently amended under Royal Decree No. M/148 dated 05/09/1444H. (corresponding to 27 March 2023) (Amended PDPL). These amendments were preceded by a public consultation launched by the Saudi Data and Artificial Intelligence Authority (SDAIA) in late 2022, not all the proposals have been implemented.

Personal Data Protection Law Ksa amendments introduce several concepts that are more closely aligned with the international standard such as the EU General Data Protection Regulation (GDPR).

EFFECT OF PDPL KSA

The Personal Data Protection Law KSA will take effect 720 days after the publication of the original law in the Official Gazette, this means the effective date of 14 September 2023.

Further, an important thing to be noted by the Organizations that fall within the ambit of the PDPL will have a one-year grace period to comply with the PDPL from the date it comes into force.

THE PROPOSED AMENDMENTS TO PDPL

The following are the proposed amendments to the Personal Data Protection Law Saudi Arabia.

Definitions

The definition of “Sensitive Personal Data” has now been narrowed down, which now solely refers to Personal data relating to an individual’s ethnic or racial origin, religious, intellectual, or political belief, criminal and security data, biometrics data, genetic data, and health data.

The definition of “Owner of Personal Data” was also amended removing the previous extension to an individual’s legal representative or guardian which now refers only to the individual to whom the personal data relates.

Legitimate interest as a legal basis for processing data

Another significant amendment was the inclusion of legitimate interest as a lawful basis for processing data, but the term is not defined under the PDPL.

In the original published version of PDPL, in certain circumstances, the requirement of consent is not needed in limited circumstances, where it remained as a criticism but the revision permits the processing can be carried out when there is a necessity to achieve a legitimate or lawful interest of the controller that does not affect the data subject rights. In accordance with the sensitive data, this legal basis will not be applied.

And this legitimate interest remains the legal basis for the collection of personal data and also for the disclosure of personal data to third parties. The addition of legitimate interest seems to be beneficial.

Previously, the data controller could only disclose personal data in five prescribed circumstances, the amendments now also permit the disclosure if it is necessary to achieve the legitimate interests of the controller, provided such disclosure does not prejudice the rights of the owner of the data, conflict with the interests or constitute sensitive personal data.

International data transfers

Further, significant amendments were made pertaining to international data transfers. The amendments now include the requirement that there shall be an appropriate level of protection for personal data outside of the KSA (which must not be less than the level of protection stipulated in the PDPL and the associated regulations). The executive regulations supplementing the PDPL shall specify the provisions, standards, and procedures including determining the circumstances in which a controller may be exempt from compliance with any of the prescribed conditions.

Penalties in the case of non-compliance

A penalty of imprisonment for a period of 2 years and/or a fine not exceeding 3,000,000 Saudi Riyals where a person discloses or publishes sensitive personal data in violation of the PDPL. Administrative fines of up to 5,000,000 Saudi Riyals may also be issued for any other violation of PDPL.

Organizations must be aware of the proposed amendments to Saudi Arabia’s Personal Data Protection Law, and its effective date to comply to avoid the penalties.

Are you an organization that wanted to comply with Saudi’s PDPL, reach out to our team of experts at Tsaaro to get assistance and compliance services.

Click Here : Personal Data Protection Law Saudi Arabia (KSA)

 
 
Zoeken
Sponsor
Categorieën
Read More
Networking
Integrate Shopify store with noon marketplace - manage your products inventory at one place
Integrating your Shopify store with the Noon marketplace using SKUPlugs offers a seamless...
By SKU Plugs 2024-08-07 10:02:48 0 454
Other
The Marine Chemicals Market is driven by growing demand for bio-based products
The marine chemicals market involves chemicals that aid in operations concerning ships, ports,...
By Ashwini Cmi 2024-08-26 09:42:18 0 322
Other
Sydney's Leading Industrial Cleaning Services – Safe & Reliable
Industries have unique cleaning needs that demand expert attention and advanced techniques....
By Gateway Services 2024-08-07 09:26:38 0 446
Other
Jenis Aksesoris Mobil dengan Fungsi Sebagai Pengaman
Sudah bukan rahasia lagi jika seandainya tindak pencurian kendaraan marak terjadi belakangan ini,...
By Andrie Samaran 2022-11-26 07:02:55 0 1K
Networking
Why Digital Marketing Agencies Are Vital for Healthcare Businesses
1. Introduction In the healthcare industry, digital presence and online engagement are more...
By Hikvision Camera 2024-12-18 12:51:21 0 30