KSAPDPL.COM

PDPL Compliance Services
PDPL Compliance in 4 Weeks
Start with PDPL Consulting
at HalaPrivacy.com

Table of Contents

← PDPL Compliance Ecosystem

The Rules Governing the National Register of Controllers Within the Kingdom – Introduction
The Rules Governing the National Register of Controllers Within the Kingdom Article 1 – Definitions
The Rules Governing the National Register of Controllers Within the Kingdom Article 2 – Scope and Objective
The Rules Governing the National Register of Controllers Within the Kingdom Article 3 – Controller Delegate Appointment
The Rules Governing the National Register of Controllers Within the Kingdom Article 4 – Registration Procedures
The Rules Governing the National Register of Controllers Within the Kingdom Article 5 – Profile Data
The Rules Governing the National Register of Controllers Within the Kingdom Article 6 – Circumstances for Appointing a Personal Data Protection Officer (DPO)
The Rules Governing the National Register of Controllers Within the Kingdom Article 7 – Information of the Personal Data Protection Officer (DPO)
The Rules Governing the National Register of Controllers Within the Kingdom Article 8 – Obligations
The Rules Governing the National Register of Controllers Within the Kingdom Article 9 – Representative Replacement
The Rules Governing the National Register of Controllers Within the Kingdom Article 10 – Registration Certificate Issuance
The Rules Governing the National Register of Controllers Within the Kingdom Article 11 – Making Registration Certificate Available to the Public
The Rules Governing the National Register of Controllers Within the Kingdom Article 12 – Services Provided on the Platform
The Rules Governing the National Register of Controllers Within the Kingdom Article 13 – Review and Amendment
The Rules Governing the National Register of Controllers Within the Kingdom Article 14 – Enforcement

The Rules Governing the National Register of Controllers Within the Kingdom Article 7 – Information of the Personal Data Protection Officer (DPO)

  • This article is verified from SDAIA
  • halaprivacy.com
  • Updated: December 23, 2025
ChatGPT
Gemini Gemini
Claude Claude
Perplexity Perplexity

Overview

The Rules Governing the National Register of Controllers Within the Kingdom Article 7 sets out the mandatory information that must be provided on the National Data Governance Platform when a Personal Data Protection Officer (DPO) is appointed.

It specifies distinct data requirements depending on whether the DPO is an internal employee, an external contractor within the Kingdom, or a contractor located outside the Kingdom, ensuring proper identification, verification, and regulatory communication.

SDAIA's Official Text

The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.

Article 7: Information of the Personal Data Protection Officer

  1. If a Personal Data Protection Officer is appointed in accordance with Article (6) of these rules, the representative shall fill in the Personal Data Protection Officer's information on the Platform to create the Controller’s account.

  2. If the Personal Data Protection Officer is an employee of the Controller or an external contractor, the representative must provide the following information:

    1. National ID/residency number for data retrieval purposes.

    2. Date of birth for verification of the entered national ID/residency number.

    3. Official contact information (phone number, email).

  3. If the Personal Data Protection Officer is a contractor located outside the Kingdom, the representative must provide the following information:

    1. First and last name.

    2. Official email.

    3. Official contact number.

  4. The representative may appoint themselves as the Personal Data Protection Officer if they are appointed by the Controller.

Plain-Language Explanation

The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.

Article 7(1)

Platform Registration of the Personal Data Protection Officer (DPO)

This Article requires the Controller’s representative to register the Personal Data Protection Officer’s details on the National Data Governance Platform whenever a DPO is appointed under Article 6. The submission of this information is a prerequisite for creating and maintaining the Controller’s account on the Platform.

Article 7(2)

Information Requirements for Internal and Local External DPOs

Where the Personal Data Protection Officer (DPO) is an employee of the Controller or an external contractor, the representative must provide identity and verification data, including the national ID or residency number and date of birth. Official contact details must also be recorded to enable communication and regulatory follow up.

Article 7(3)

Information Requirements for DPOs Located Outside the Kingdom

If the Personal Data Protection Officer is a contractor located outside the Kingdom, the information requirements are limited to identification and contact details. These include the full name, official email address, and official contact number, reflecting the absence of national identification records within the Kingdom.

Article 7(4)

Appointment of the Representative as Personal Data Protection Officer (DPO)

This Article allows the Controller’s representative to appoint themselves as the Personal Data Protection Officer, provided that such appointment is formally made by the Controller. This provision enables flexibility in governance arrangements while maintaining accountability under the registration framework.

Saudi Personal Data Protection Law Compliance Services (KSA PDPL)

KSA PDPL Compliance Implementation

Achieve PDPL Compliance in 4 weeks or less.

Data Protection Officer As A Service (DPOaaS)

Let us handle your daily PDPL Compliance Operations.

KSA PDPL Compliance Audit (External)

Audit your PDPL compliance obligations.

Scroll to Top