Category: Saudi Arabia

Personal Data Protection Law (PDPL), 2021

The Personal Data Protection Law is Saudi Arabia’s first comprehensive data privacy law, issued pursuant to Royal Decree No. M/19 dated 09/02/1443 AH (16 September 2021), as amended by Royal Decree No. M/148 dated 5/9/1444H (27 March 2023). The law came into effect on 14 September 2023 with a one-year grace period for compliance ending […]

National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC), 2024

The Essential Cybersecurity Controls (ECC – 2: 2024) issued by the National Cybersecurity Authority establish mandatory cybersecurity requirements for organizations in Saudi Arabia. These controls cover various aspects of information security including access management, data protection, incident response, and security monitoring. Organizations must implement these controls to protect personal and sensitive data from cybersecurity threats. […]

Regulations on Personal Data Transfer Outside the Kingdom, 2023 (Updated 2024)

The Data Transfer Regulations, initially issued on 7 September 2023 and replaced by a new version on 1 September 2024, govern the transfer of personal data outside Saudi Arabia’s borders. These regulations establish requirements for cross-border data transfers including adequacy assessments, appropriate safeguards, and specific contractual requirements. Organizations must ensure transferred data receives protection comparable […]

Implementing Regulations of the PDPL, 2023

The Implementing Regulations were issued on 7 September 2023 and provide detailed guidance on various PDPL requirements. They include provisions for privacy policies, data breach notifications within 72 hours, Data Protection Impact Assessments for high-risk processing, and specific requirements for continuous and large-scale processing of personal data. The regulations also address data controller obligations for disclosure […]

Disclaimer

The Bar Council of India forbids advocates from advertising or soliciting in any shape or manner. By using this website (datalex.in), you recognise and affirm that you are seeking information about DATALEX on your own initiative and that DATALEX or its members have made no solicitation, advertising, or enticement. This website’s content is provided for educational purposes only and should not be construed as solicitation or advertisement. If a visitor wishes to obtain or use our legal services online, it is performed on his or her own free will and agreement, and should not be regarded as solicitation, enticement, or advertisement in any way. DATALEX is not responsible for any actions made as a result of relying on the material/information on this website. DATALEX owns the intellectual property rights to the contents of this website.

DISCLAIMER

The Bar Council of India does not permit soliciting work or advertising by advocates in any manner or form. By clicking on “AGREE” below, the user acknowledges and confirms that:

  1. There has been no advertisement, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
  2. The website is a resource solely for the purpose of providing general information about Veritas Legal at the user’s own risk, cost and liability; 
  3. The information provided in this website shall not be construed as legal advice or create any lawyer-client relationship in any manner whatsoever; 
  4. The links provided on this website shall in no way be considered referrals, endorsements or affiliations with the linked entities and Veritas Legal shall not hold responsibility for the content of such links.

The user shall not hold Veritas Legal responsible for any action taken relying upon the content of the website. In cases where the user has any legal issues and requires assistance, he/she/it must seek independent legal advice.

AGREE DISAGREE

ENTER
WhatsApp
LinkedIn
Building a Privacy-First, Trustless Ecosystem for Data Protection.