Overview
PDPL Implementing Regulation Article 7 sets out how a Data Subject may request correction of their personal data and the obligations on the Controller when accuracy is disputed.
It allows the Data Subject to seek temporary restriction of processing while accuracy is verified, permits the Controller to request supporting documents needed for correction, and requires the Controller to notify any parties who previously received inaccurate data once the correction is made.
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
Article 7: Right to Request Correction of Personal Data
- Data Subject shall have the right to obtain from the Controller a restriction of Processing when the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data. The aforementioned restriction shall not apply if providing such data contravenes provisions of the Law and this Regulation.
- Controller may request needed supporting documents or evidence to verify in order to update, correct, or complete the Personal Data, provided that such documents or evidence are destroyed once the verification process is completed.
- Upon correcting the Personal Data, the Controller shall notify the parties to whom the Personal Data was previously disclosed without delay.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
Article 7(1)
Temporary Restriction During Verification
This provision states that the Data Subject has the right to obtain a restriction of processing from the Controller when they contest the accuracy of personal data. The restriction lasts for a period that allows the Controller to verify the accuracy of the data. It also states that this restriction does not apply when providing such data would contravene the provisions of the Law or this Regulation.
The provision ensures that accuracy concerns can be addressed while preserving legal compliance requirements.
Article 7(2)
Supporting Documents For Correction
This provision states that the Controller may request supporting documents or evidence needed to verify, update, correct, or complete the personal data. It also requires that such documents or evidence be destroyed once the verification process is completed.
The provision clarifies that supporting materials may be necessary for correction requests and must not be retained beyond their verification purpose.
Article 7(3)
Notifying Previous Recipients
This provision requires the Controller, after correcting the personal data, to notify without delay the parties to whom the personal data was previously disclosed.
It ensures that corrections propagate to all relevant recipients and that previously shared inaccurate data is addressed.
