Data is considered a significant asset in this digital age, and a breach of sensitive information can cause damage to life and property. In one famous incident, Cambridge Analytica, a British political consulting firm, purportedly used the data of up to 87 million Facebook users to sway elections worldwide.
Across the globe, many countries have introduced strict data privacy regulations with which businesses must comply to safeguard consumer data. The Saudi Arabian government has made changes to the Personal Data Protection Law (PDPL) which will take effect by September 2023.
This article will provide insight into the Kingdom’s data protection regulations and essential laws that tech companies must comply with.
Saudi Government Updates Data Privacy Law
Any organization that intends to handle Saudi Arabian personal data must do so in accordance with the government’s data privacy laws. A consultation paper published by the Saudi Data & Artificial Intelligence Authority (SDAIA) in November 2022 contained a list of proposed amendments to the data privacy laws. Not all of these recommendations were adopted, but some were considered in the amended PDPL.
For instance, the law requires that all businesses make their privacy policies available for users to review before they provide their personal information. Additionally, the PDPL requires companies to frequently conduct impact assessments to ensure all necessary compliance procedures are in place.
Similarly, a company must choose only processing outsourcing partners that have taken all reasonable steps to adhere to legal requirements. Meanwhile, because the PDPL is still relatively new, the SDAIA generously granted organizations one year from the PDPL’s effective date to properly execute its requirements.
Tech Companies are Required to Comply With Saudi Data Privacy Regulations
The Joint Statement on Data Privacy Policies issued by the Digital Cooperation Organization (DCO) calls on significant technology firms to collaborate with regulators to create privacy and user terms that safeguard user data and guarantee that data use is consistent with users’ informed consent.
Shortly after the joint statement was released, the DCO Secretary-General Deemah Al-Yahya confirmed that “almost half of all data breaches worldwide in 2021 involved personal user data.” As a result, the DCO member states, of which Saudi Arabia is a part, are urging the heads of the world’s tech companies to strengthen user protection against the misuse of personal data.
Saudi Arabia’s data privacy laws apply to all personal information, including sensitive personal information, on its citizens, whether alive or dead. Al-Yahya also added that to fully utilize the promise of digital technology to enhance lives and unlock doors to economic opportunity, there must be a solid commitment to protect personal data.
Therefore, any publicly or privately owned organization that intends to handle such data must follow the personal data protection law of Saudi Arabia. The DCO also plans to collaborate with legislators and business leaders to “align privacy terms and government regulations” to address the “emerging economic challenge” of data breaches.