Overview
PDPL Implementing Regulation Article 6 sets out the conditions under which a Data Subject may request a copy of their personal data in a readable and clear format.
It confirms that providing a copy must not harm the rights of others, requires the copy to be supplied in a commonly used electronic format with an option for a printed version when feasible, and ensures that granting access does not disclose personal data belonging to another individual.
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
Article 6: Right to Request Access to Personal Data
Subject to the provisions of Article (16) of the Law, the Data Subject has the right to request a copy of their Personal Data in a readable and clear format, subject to the following:
- Exercising the right to access Personal Data should not negatively impact the rights of others, such as intellectual property rights or trade secrets.
- The Personal Data is provided to the Data Subject in a commonly used electronic format and the Data Subject may request a printed hard copy if feasible.
- When granting a Data Subject access to their Personal Data, the Controller shall ensure that it does not involve disclosing Personal Data that identifies another individual.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
Article 6(1)
Protecting Third Party Rights
This provision states that exercising the right to request a copy of personal data must not negatively impact the rights of others, including intellectual property rights or trade secrets.
It ensures that providing a copy to the Data Subject does not compromise protected information connected to third parties.
Article 6(2)
Format And Copy Options
This provision requires that personal data be provided to the Data Subject in a commonly used electronic format. It also states that the Data Subject may request a printed hard copy if feasible.
It identifies both electronic and physical formats as possible ways to deliver the requested data, with feasibility determining the availability of a printed version.
Article 6(3)
Preventing Third Party Disclosure
This provision requires the Controller to ensure that granting a Data Subject access to their personal data does not result in disclosing personal data that identifies another individual.
It protects the privacy of third parties during the process of providing a copy of personal data.
