What businesses can expect from PDPL, Saudi Arabia's incoming data law

A Saudi man has his picture taken for his election ID card as registration opened 23 November 2004, for the kingdom's first municipal elections, to be held in February 2005. The first round of the elections, in which women are barred from voting, is the first of the three-stage process of choosing half the members of 178 municipal councils, the other half of which are named by the government, in a drive to introduce limited reforms which Riyadh insists must be tailored to Saudi specifications and not neces

To:

Al-Monitor Pro Members

From:

Samuel Wendel

Senior Market Research Analyst, Al-Monitor

Date:

March 8, 2023

Bottom Line:

Enforcement of Saudi Arabia’s long-awaited personal data protection law, called the PDPL, is scheduled to begin March 17, 2023, with an expected grace period of one year to reach compliance. This comes after Saudi authorities abruptly postponed enforcement at the original March 2022 deadline. Industry players had chafed at restrictions on how personal data could be collected, used and stored, particularly with regard to limits on transferring data outside the kingdom. Although GCC neighbors have implemented similar laws recently, Saudi Arabia’s potentially daunting data restrictions — combined with its market might — amplify the importance of these new rules, which could have a significant impact on the cost of doing business in the kingdom for multinationals. Despite the fast approaching deadline, there’s still ambiguity around the PDPL’s implementing regulations, which could see several scenarios play out in coming weeks.

Search Al-Monitor

Search

The Middle Eastʼs leading independent news source since 2012

Search

What businesses can expect from PDPL, Saudi Arabia's incoming data law

Saudi Arabia’s new personal data protection law, which goes into effect next week, could significantly impact the cost of doing business for multinationals in the kingdom.