Rules for Appointing Personal Data Protection Officer Article 1 introduces the terminology used in the Rules for appointing a Data Protection Officer (DPO). It clarifies that unless specifically defined within these Rules, all terms carry the same meaning as stated in the PDPL and its Implementing Regulations. It also defines key terms including the “Competent Authority” (SDAIA), “Data Protection Officer” (DPO), and “Core Activities” of a Controller.
Rules for Appointing Personal Data Protection Officer Article 1 (1)
The terms and phrases mentioned herein shall have the meanings ascribed thereto in Article (1) of Personal Data Protection Law, hereinafter referred to as the “Law”, issued pursuant to Royal Decree No. (M/19) dated 09/02/1443 AH and amended pursuant to Royal Decree No. (M/148) dated 05/09/1444 AH and Article (1) of the Implementing Regulations of the Law, unless they have a specific definition herein.
The Rules Governing the National Register of Controllers Within the Kingdom Article 1 (2)
The following terms and phrases, wherever mentioned herein, shall have the meanings ascribed thereto, unless the context requires otherwise:
The Rules Governing the National Register of Controllers Within the Kingdom Article 1 (3)
Competent Authority
Saudi Data & AI Authority (SDAIA).
The Rules Governing the National Register of Controllers Within the Kingdom Article 1 (4)
Data Protection Officer (DPO)
One or more natural persons appointed by Controller to be responsible for monitoring the implementation of the provisions of the Law and its Implementing Regulations, overseeing procedures applicable by Controller, and receiving requests relate to Personal Data in accordance with provisions of the Law and its Implementing Regulations.
The Rules Governing the National Register of Controllers Within the Kingdom Article 1 (5)
Core activities
Activities conducted by the Controller to achieve its core objectives.
