Revised Data Protection Law in Saudi Arabia

Revised Data Protection Law in Saudi Arabia

In the rapidly changing world of data protection, Saudi Arabia is taking big steps to make its existing Personal Data Protection Law (PDPL), introduced in 2021, stronger. These new changes show that the country is committed to dealing with concerns, in addition to ensuring its laws match international data protection rules. However, it’s important to take into consideration that the PDPL is different and understanding that is important. Just copying GDPR rules might not make everything work perfectly. 


A Glimpse of Changes 

  • Legitimate Interest as a Legal Basis: Using “legitimate interests” as a valid reason for handling personal data is a key change. Instead of only relying on consent, this gives data controllers more reasons to process data. This change helps businesses while still protecting people’s data rights. 
  • International Data Transfers: At first, the PDPL had strict rules for sending data across borders. But the new changes make it easier to do this. International data transfers are now simpler, especially for companies working with data around the world. 
  • Shift in Sanctions Focus: Instead of making international data transfers a crime, the updated PDPL focuses on stopping sensitive personal data from being shared without permission. This change highlights a way to manage risks while also protecting people and businesses. 
  • Mandatory Data Protection Officers: A big step to make data protection stronger is the rule that says specific situations must have Data Protection Officers (DPOs). This follows a worldwide trend where companies choose certain people to make sure they follow data privacy rules. 
  • Redefined Sensitivity of Location Data: A big change is how location data is seen. It’s not automatically seen as very sensitive anymore. This change lets businesses use this data more freely, but they still have to protect people’s privacy well. 


Navigating the Regulatory Landscape in Saudi Arabia

The PDPL covers a wide area, including any group that uses personal data of people in Saudi Arabia, no matter where they are. This shows that Saudi Arabia wants to protect its residents’ privacy, even though it might cause challenges for global organisations.  


In Conclusion 

Saudi Arabia aims for its data protection laws to align to international data laws. This requires businesses to be cautious. They should stay informed about updates and changes and have a strong understanding on what they mean. By using a unique way of protecting data, companies can balance keeping data safe whilst remaining innovative and digital. 


Lynsey HansonWritten by

Lynsey Hanson | Data Protection Officer at TenIntelligence