Home/Regulations/PDPL
All Regulations
🇸🇦

PDPL

Suudi Arabistan Kişisel Veri Koruma Kanunu

Saudi Arabia
Effective: September 14, 2023
Active

Saudi Arabia's first comprehensive data protection law. Inspired by GDPR and includes strict data localization requirements.

Scope

  • Applies to all organizations processing personal data in Saudi Arabia
  • Covers those processing SA residents' data from abroad
  • Includes public and private sector

Data Subject Rights

  • Right to be informed
  • Right to access
  • Right to correction and deletion
  • Right to restrict processing

Key Obligations

  • Data controller registration
  • Data protection impact assessment
  • Breach notification (72 hours)
  • Data localization requirements

Penalties

PDPL provides for significant fines and imprisonment for violations.

Maximum Fine
Up to 5 million SAR fine and/or up to 2 years imprisonment.

Cross-Border Transfers

Cross-border transfers require NDMO approval or adequate protection. Localization mandatory for sensitive data.

Supervisory Authority

National Data Management Office (NDMO)

Visit website →

Related Regulations

🇪🇺GDPR🇦🇪DIFC DPL

Need PDPL Compliance?

JUS. helps you comply with PDPL requirements efficiently.

Book a Demo

Compare Regulations

See how PDPL compares to other privacy laws.

Explore in Compliance Hub

View detailed data protection information for Saudi Arabia.

Go to Saudi Arabia

Simplify PDPL Compliance

Automate compliance workflows, manage data subject requests, and demonstrate compliance with JUS.

Book a DemoView Solutions
Request Demo