PDPL Article 1 defines the key terms and concepts used throughout the PDPL so everyone understands them in the same way throughout the law.
For the purpose of implementing this Law, the following terms shall have the meanings assigned thereto, unless the context requires otherwise:
Saudi PDPL Article 1 (1)
Law
The Personal Data Protection Law.
Saudi PDPL Article 1 (2)
Regulations
The Implementing Regulations of the Law.
Saudi PDPL Article 1 (3)
Competent Authority
The authority to be determined by a resolution of the Council of Ministers.
Saudi PDPL Article 1 (4)
Personal Data
Any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.
Saudi PDPL Article 1 (5)
Processing
Any operation carried out on Personal Data by any means, whether manual or automated, including collecting, recording, saving, indexing, organizing, formatting, storing, modifying, updating, consolidating, retrieving, using, disclosing, transmitting, publishing, sharing, linking, blocking, erasing and destroying data.
Saudi PDPL Article 1 (6)
Collection
The collection of Personal Data by Controller in accordance with the provisions of this Law, either from the Data Subject directly, a representative of the Data Subject, any legal guardian over the Data Subject or any other party.
Saudi PDPL Article 1 (7)
Destruction
Any action taken on Personal Data that makes it unreadable and irretrievable, or impossible to identify the related Data Subject.
Saudi PDPL Article 1 (8)
Disclosure
Enabling any person – other than the Controller or the Processor, as the case may be – to access, collect or use personal data by any means and for any purpose.
Saudi PDPL Article 1 (9)
Transfer
The transfer of Personal Data from one place to another for Processing.
Saudi PDPL Article 1 (10)
Publishing
Transmitting or making available any Personal Data using any written, audio or visual means.
Saudi PDPL Article 1 (11)
Sensitive Data
Personal Data revealing racial or ethnic origin, or religious, intellectual or political belief, data relating to security criminal convictions and offenses, biometric or Genetic Data for the purpose of identifying the person, Health Data, and data that indicates that one or both of the individual’s parents are unknown.
Saudi PDPL Article 1 (12)
Genetic Data
Any Personal Data related to the hereditary or acquired characteristics of a natural person that uniquely identifies the physiological or health characteristics of that person, and derived from biological sample analysis of that person, such as DNA or any other testing that leads to generating Genetic Data.
Saudi PDPL Article 1 (13)
Health Data
Any Personal Data related to an individual’s health condition, whether their physical, mental or psychological conditions, or related to Health Services received by that individual.
Saudi PDPL Article 1 (14)
Health Services
Services related to the health of an individual, including preventive, curative, rehabilitative and hospitalizing services, as well as the provision of medications.
Saudi PDPL Article 1 (15)
Credit Data
Any Personal Data related to an individual’s request for, or obtaining of, financing from a financing entity, whether for a personal or family purpose, including any data relating to that individual’s ability to obtain and repay debts, and the credit history of that person.
Saudi PDPL Article 1 (16)
Data Subject
The individual to whom the Personal Data relate.
Saudi PDPL Article 1 (17)
Public Entity
Any ministry, department, public institution or public authority, any independent public entity in the Kingdom, or any affiliated entity therewith.
Saudi PDPL Article 1 (18)
Controller
Any Public Entity, natural person or private legal person that specifies the purpose and manner of Processing Personal Data, whether the data is processed by that Controller or by the Processor.
Saudi PDPL Article 1 (18)
Processor
Any Public Entity, natural person or private legal person that processes Personal Data for the benefit and on behalf of the Controller.
