What businesses can expect from PDPL, Saudi Arabia's incoming data law


Al-Monitor Pro Members


Samuel Wendel

Senior Market Research Analyst, Al-Monitor


March 8, 2023

Bottom Line:

Enforcement of Saudi Arabia’s long-awaited personal data protection law, called the PDPL, is scheduled to begin March 17, 2023, with an expected grace period of one year to reach compliance. This comes after Saudi authorities abruptly postponed enforcement at the original March 2022 deadline. Industry players had chafed at restrictions on how personal data could be collected, used and stored, particularly with regard to limits on transferring data outside the kingdom. Although GCC neighbors have implemented similar laws recently, Saudi Arabia’s potentially daunting data restrictions — combined with its market might — amplify the importance of these new rules, which could have a significant impact on the cost of doing business in the kingdom for multinationals. Despite the fast approaching deadline, there’s still ambiguity around the PDPL’s implementing regulations, which could see several scenarios play out in coming weeks.

Access the Middle East news and analysis you can trust

Join our community of Middle East readers to experience all of Al-Monitor, including 24/7 news, analyses, memos, reports and newsletters.


Only $100 per year.