Skip to content

Personal Data Protection Law (PDPL)
PDPL Implementing Regulation
Regulation on Personal Data Transfer

Personal Data Protection Law (PDPL)
PDPL Implementing Regulation
Regulation on Personal Data Transfer

PDPL Compliance Services

Saudi Personal Data Protection Law (KSA PDPL)

PDPL Implementing Regulation

Regulation on Personal Data Transfer outside the Kingdom

Rules for Appointing Personal Data Protection Officer (DPO)

Rules Governing the National Register of Controllers Within the Kingdom

Personal Data Breach Incidents Procedural Guide

Standard Contractual Clauses (SCCs) For Personal Data Transfer

Guidelines for Binding Common Rules (BCR) for Personal Transfer

Risk Assessment Guideline for Transferring Personal Data Outside the Kingdom

Personal Data Destruction, Anonymization, and Encryption Guideline

Personal Data Processing Activities Records Guideline (RoPA)

Minimum Personal Data Determination Guideline

Elaboration and Developing Privacy Policy Guideline

No posts found

Saudi Personal Data Protection Law (KSA PDPL)

Saudi PDPL Article 1 – Definitions

Saudi PDPL Article 2 – Scope of Personal Data Processing

Saudi PDPL Article 3 – Additional Rights Protection

Saudi PDPL Article 4 – Data Subject Rights (DSR)

Saudi PDPL Article 5 – Consent Requirements for Processing

Saudi PDPL Article 6 – Consent Exceptions for Processing

Saudi PDPL Article 7 – No Forced Consent

Saudi PDPL Article 8 – Controller Obligations for Processors

Saudi PDPL Article 9 – Limits on Access Rights

Saudi PDPL Article 10 – Exceptions to Direct Collection Rule

Saudi PDPL Article 11 – Purpose and Collection Limits

Saudi PDPL Article 12 – Privacy Policy Requirements

Saudi PDPL Article 13 – Data Collection Disclosure Requirements

Saudi PDPL Article 14 – Data Accuracy Obligation

Saudi PDPL Article 15 – Permitted Disclosure Conditions

Saudi PDPL Article 16 – Prohibited Disclosures Despite Exceptions

Saudi PDPL Article 17 – Correction and Notification Duties

Saudi PDPL Article 18 – Personal Data Retention and Destruction

Saudi PDPL Article 19 – Mandatory Data Protection Measures

Saudi PDPL Article 20 – Personal Data Breach Notifications

Saudi PDPL Article 21 – Timely Response to Data Requests

Saudi PDPL Article 22 – Mandatory Data Impact Assessments

Saudi PDPL Article 23 – Special Rules for Health Data Processing

Saudi PDPL Article 24 – Additional Controls for Credit Data

Saudi PDPL Article 25 – Restrictions on Direct Marketing and Awareness Messages

Saudi PDPL Article 26 – Marketing Use of Personal Data

Saudi PDPL Article 27 – Research and Statistical Data Use

Saudi PDPL Article 28 – Restriction on Copying Official Documents

Saudi PDPL Article 29 – Cross-Border Data Transfers and Disclosures

Saudi PDPL Article 30 – Supervisory Authority and DPO Appointment

Saudi PDPL Article 31 – Record of Processing Activities (RoPA)

Saudi PDPL Article 32 – Repealed

Saudi PDPL Article 33 – Licensing, Accreditation, and Cross-Border Oversight

Saudi PDPL Article 34 – Right to File Complaints

Saudi PDPL Article 35 – Penalties for Sensitive Data Misuse

Saudi PDPL Article 36 – General Violations and Administrative Penalties

Saudi PDPL Article 37 – Inspection and Enforcement Powers

Saudi PDPL Article 38 – Court-Ordered Confiscation and Public Disclosure

Saudi PDPL Article 39 – Disciplinary Actions for Public Sector Employees

Saudi PDPL Article 40 – Right to Compensation for Privacy Breaches

Saudi PDPL Article 41 – Duty of Confidentiality After Exit

Saudi PDPL Article 42 – Timeline and Coordination for PDPL Regulations

Saudi PDPL Article 43 – PDPL Enforcement Timeline Confirmed

No posts found

“The Saudi Personal Data Protection Law (PDPL), issued under Royal Decree M/19 (2021) and amended by M/148 (2023), establishes the legal framework for personal data protection in the Kingdom under the supervision of SDAIA.”

KSA PDPL enforcement is active since 14 September 2024. Controllers and Processors must ensure continued compliance or risk penalties.

Saudi PDPL Compliance in 4 Weeks (KSA PDPL) ↓

Click the button below to start your PDPL Compliance journey, stay prepared for SDAIA audits, and eliminate the risk of enforcement actions.

Start PDPL Implementation

PDPL GAP Assessment

4 Weeks Saudi PDPL Compliance Sprint (KSA PDPL)

Hala Privacy offers a focused 4-week PDPL Compliance sprint for Small & Medium Enterprises (SMEs). Unlike other consulting firms, we don’t outsource or inflate costs. Our in-house PDPL Experts, Consultants, and Legal Counsel deliver compliance through on-site discovery, workshops, policy implementation, and structured, audit-ready documentation.

We handle everything: Data Controller Registration, DPO Assignment, RoPA, Legal Basis, Privacy Notice, DSR, DPA, DPIA, TIA, SCC, BCR, Cookies & Consent, Breach Readiness, Training, etc., ensuring SDAIA aligned PDPL Compliance.

Linkedin Huge-mail-01 Mobile-alt

We are here to help! Whether you are just starting your PDPL compliance journey or exploring options like DPO-as-a-Service or a PDPL external Audit, Hala Privacy is ready to answer your questions and guide you every step of the way.

COMPANY

Talk to PDPL Experts
Refer & Earn
Founders
About
Join

PDPL TOPICS

Personal Data Discovery
Vendor Risk Assessment
Privacy by Design
PDPL Training

PDPL RESOURCES

PDPL GAP Assessment
PDPL Case Studies
PDPL Newsletter
PIA Template
PDPL Guide
PDPL FAQ

PDPL COMPLIANCE

PDPL Implementation
DPO as a Service
PDPL Audit

Copyright © KSAPDPL | All Rights Reserved

This website is not affiliated with, endorsed by, or authorized by the Saudi Data & AI Authority (SDAIA).

Privacy Notice
Sitemap
Legal Notice

Scroll to Top

Hala! Simply type the PDPL article number or keyword to search