Overview
The Rules Governing the National Register of Controllers Within the Kingdom Article 12 explains that the National Register Platform provides key digital services to support PDPL compliance and protect personal data in Saudi Arabia. These services assist controllers in notifying breaches, conducting privacy assessments, receiving legal guidance, and tracking ongoing compliance. They are designed to enforce the view of data as a national asset while defending individuals’ rights.
Controllers and individuals registered on the Platform gain access to four core services: breach notifications, privacy assessments, legal advisory, and compliance evaluations.
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
Article 12: Services Provided on the Platform
The Platform offers a range of e-services aimed at protecting data as national assets and safeguarding the rights of individuals from illegal violations. These services include:
- Personal Data Breach Notification Service: This service enables Controllers to notify a personal data breach incident to the Competent Authority immediately after its occurrence, within a period not exceeding (72) hours of becoming aware of the incident, this reporting is necessary if the incident would harm the personal data or the data subject or if it conflicts with their rights or interests, as outlined in Article (24) of the Executive Regulations of the Personal Data Protection Law.
- Privacy Impact Assessment Service: This tool analyzes the impact of processing personal data on the products and services provided. It helps determine the scope and objectives of the processing, identify regulatory justifications, and assess the risks associated with processing personal data.
- Legal Support Service: This service provides support and guidance to assist public entities in understanding the Personal Data Protection Law and its regulations. This includes interpreting stipulated provisions and requirements as well as offering guidance on relevant manuals and regulations, thereby contributing to ensuring effective application and achieving desired goals.
- Compliance Assessment Service: This service involves periodically evaluating compliance with specific standards and requirements to monitor the level of commitment and ensure the effectiveness of actions taken to implement laws, regulations, and policies. It also helps identify incorrect practices to address them and improves business practices and procedures.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
Article 12
Purpose of Platform Services
Article 12(1)
Personal Data Breach Notification Service
Article 12(2)
Privacy Impact Assessment (PIA) Service
Article 12(3)
Legal Support Service
This provision establishes a service that provides guidance to public entities on the interpretation and application of the Personal Data Protection Law (PDPL) and its regulations. The service supports understanding of legal requirements and contributes to effective regulatory implementation.
