Overview
The Rules Governing the National Register of Controllers Within the Kingdom Article 3 sets out the requirements for appointing a representative for registration purposes on the National Data Governance Platform.
It distinguishes between public entities, private entities, and individuals, and defines how each category must designate or act as its registration representative to ensure accountability and proper interaction with the Competent Authority (SDAIA).
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
Article 3: Controller Delegate Appointment
- Public Entity: A representative shall be appointed through the registration form sent by the Competent Authority.
- Private Entity: A representative shall be appointed through the Platform by the authorized person.
- Individuals: Individuals are their own representatives and are not allowed to designate other people.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
Article 3
Purpose of Representative Appointment
This Article establishes who may act as the official representative of a Controller for the purposes of registration on the National Data Governance Platform.
The appointment of a representative ensures that there is a clearly identified point of responsibility for registration accuracy, communication, and compliance follow up.
Article 3(1)
Public Entity Representatives
For public entities, the appointment of a representative is conducted through a registration form issued by the Competent Authority (SDAIA). This reflects a controlled and authority driven process for public sector registration, ensuring alignment with governmental oversight mechanisms.
