News & Events

Saudi Arabia's Comprehensive Personal Data Protection Law Sets a One-Year Countdown for Compliance

Adopt eBOS, Your Trusted Partner for Seamless Implementation

In a significant development, the Saudi Data and Artificial Intelligence Authority formally released the Kingdom of Saudi Arabia’s ground-breaking Personal Data Protection Law (PDPL) on September 7th, 2023. Although the amendments to the PDPL were finalised earlier this year, the provisions only began to apply on September 14th, 2023, marking a pivotal moment for data privacy regulations in the Kingdom.

Furthermore, implementing regulations, which provide crucial details behind some of the new requirements, were issued on September 6th, 2023, shedding light on the intricacies of compliance. The PDPL applies not only to data processing within the Kingdom, but also has an extraterritorial effect, encompassing processing by foreign businesses concerning individuals residing in the Kingdom.

Organisations have been granted a one-year ‘grace’ period, allowing them until September 14th, 2024, to align their processing activities with the requirements of the PDPL and its implementing regulations. Beyond this grace period, the Saudi Data and Artificial Intelligence Authority (SDAIA) is expected to monitor and enforce compliance actively, emphasising the law’s significance and the importance of timely adherence.

To address these complex compliance challenges and ensure that your organisation meets the requirements of the PDPL, implement the innovative solutions offered by eBOS. As an innovative and customer-centric software company, eBOS provides cutting-edge regulatory technology solutions for automated risk and compliance management worldwide. Our core offering, the WiseBOS Suite, is designed to align your business with the best security standards and seamless flexibility to the ever-changing requirements.

Given the strict penalties for noncompliance, including the potential for organisations to receive either an official warning or a substantial fine of up to SAR 5 million ($1.3 million USD), the consequences are significant. In the event of a fine, the court or the competent authority can mandate that the organisation’s data controller and can look to publish the violation in one or more local newspapers at their own expense.

Hence, organisations are strongly encouraged to prioritise compliance during the initial year and plan for ongoing maturity. Achieving compliance requires the implementation of fundamental privacy principles and the coherent integration of relevant requirements into operational processes.

Contact us today for a demo and discover how eBOS can help you navigate the complex landscape of compliance with comprehensive, cost-effective, and progressive solutions. Join our diverse portfolio of international clients, including banks, government entities, and forward-thinking organisations from various industries, as we guide you through this era of rapid digital advancement.

Get in Touch with
One of our Specialists