THE LAW FIRM OF HAZIM AL MADANI ATTORNEYS AND LEGAL CONSULTANTS
Personal Data Protection Law And the latest amendments
The personal data protection law is considered one of the most important legal systems that help in protecting online users’ privacy and ensuring that their data is not unlawfully exploited. This system includes several rules and regulations that require institutions and companies to adhere to the necessary security and protection standards to safeguard user data. KSA has paid close attention to the importance of this system in the rapidly evolving world of information technology over the past decades, and this scene is becoming even more crystallized in the Vision 2030 era, which aims to establish technologically and scientifically advanced generations.
Cybersecurity and data protection experts expect the importance of protecting personal data to increase shortly in the Kingdom of Saudi Arabia, including Vision 2030, which aims to transform the Kingdom into a digital economy. This system assisted Saudi Arabia in its commitment to international standards for the protection of personal data, making the country a trusted and expedient place for investment and business.
Broadly speaking, Vision 2030 aspires to revolutionize Saudi Arabia into a robust and dependable digital economy, wherein the safeguarding of personal data constitutes a fundamental aspect of this ambitious objective. Consequently, the Kingdom has adopted a series of legal provisions to fortify personal data protection and imposed stringent requirements on companies to adhere to global data protection norms, encompassing compliance with European regulations. In addition, Saudi Arabia has instituted novel regulations to guarantee the preservation of personal data for both individuals and corporate entities.
Moreover, Saudi Arabia is diligently endeavoring to heighten public cognizance regarding the significance of safeguarding personal data and apprising citizens of their entitlements. The nation has initiated targeted awareness campaigns tailored towards both corporate entities and individual constituents. Additionally, Saudi Arabia aspires to inaugurate a dedicated authority for personal data protection, tasked with the regulation and advancement of the sector, as well as the assurance of conformity with global benchmarks. This authoritative body is anticipated to assume a pivotal function in executing the Vision 2030 blueprint pertaining to the preservation of personal data.
One of the most significant amendments to the law is Article 12, which dictates that the controller must adopt a privacy policy and make it available to data subjects when collecting their data. The policy must encompass the purpose of collection, the required personal data, the method of collection, the means of storage, the manner of processing, the procedure for destruction, the data subject’s rights concerning their data, and the methods to exercise these rights. The objective of modifying this article is to enhance the protection of individuals’ privacy.
Another notable amendment is Article 35, which states that anyone who discloses sensitive data or publishes it in violation of the law, intending to harm the data subject or gain personal benefit, shall be subjected to a maximum of two years in prison and a fine not exceeding three million riyals, or both. The severity of this punishment aims to shield individuals from exploitation and coercion, which can result in criminal activities and societal disorder. Consequently, the state is diligently working to safeguard individuals, institutions, and society from transgressions and disruptions, while seeking the most suitable solutions to attain the envisioned digital economy in accordance with Vision 2030.
Cybersecurity and data protection experts expect the importance of protecting personal data to increase shortly in the Kingdom of Saudi Arabia, including Vision 2030, which aims to transform the Kingdom into a digital economy. This system assisted Saudi Arabia in its commitment to international standards for the protection of personal data, making the country a trusted and expedient place for investment and business.
Broadly speaking, Vision 2030 aspires to revolutionize Saudi Arabia into a robust and dependable digital economy, wherein the safeguarding of personal data constitutes a fundamental aspect of this ambitious objective. Consequently, the Kingdom has adopted a series of legal provisions to fortify personal data protection and imposed stringent requirements on companies to adhere to global data protection norms, encompassing compliance with European regulations. In addition, Saudi Arabia has instituted novel regulations to guarantee the preservation of personal data for both individuals and corporate entities.
Moreover, Saudi Arabia is diligently endeavoring to heighten public cognizance regarding the significance of safeguarding personal data and apprising citizens of their entitlements. The nation has initiated targeted awareness campaigns tailored towards both corporate entities and individual constituents. Additionally, Saudi Arabia aspires to inaugurate a dedicated authority for personal data protection, tasked with the regulation and advancement of the sector, as well as the assurance of conformity with global benchmarks. This authoritative body is anticipated to assume a pivotal function in executing the Vision 2030 blueprint pertaining to the preservation of personal data.
One of the most significant amendments to the law is Article 12, which dictates that the controller must adopt a privacy policy and make it available to data subjects when collecting their data. The policy must encompass the purpose of collection, the required personal data, the method of collection, the means of storage, the manner of processing, the procedure for destruction, the data subject’s rights concerning their data, and the methods to exercise these rights. The objective of modifying this article is to enhance the protection of individuals’ privacy.
Another notable amendment is Article 35, which states that anyone who discloses sensitive data or publishes it in violation of the law, intending to harm the data subject or gain personal benefit, shall be subjected to a maximum of two years in prison and a fine not exceeding three million riyals, or both. The severity of this punishment aims to shield individuals from exploitation and coercion, which can result in criminal activities and societal disorder. Consequently, the state is diligently working to safeguard individuals, institutions, and society from transgressions and disruptions, while seeking the most suitable solutions to attain the envisioned digital economy in accordance with Vision 2030.
The contents of these pages are for your general information and public use only, and is subject to adjustment without prior notice. We do not provide any undertakings or guarantees of the accuracy of the contents and information covered in this document and it may contain errors and mistakes. Therefore, we explicitly disclaim any responsibility on our part that may result from any mistake or error to the maximum extent permissible under the law. Your use of the information provided in this document is at your own risk without taking any responsibility on our part. You are solely responsible for ensuring that any information available in this website does meet and comply with your specific requirements.