The PDPL is a comprehensive law that applies to all organizations that process personal data in the KSA, regardless of whether they are located in the KSA or abroad. The law defines personal data as any information that relates to an identified or identifiable individual.

The PDPL was originally set to be enforced on March 23, 2022. However, SDAIA submitted proposed amendments to the PDPL for public consultation from 20th November 2022 till 20th December 2022. On March 21st, 2023, the Saudi Council of Ministers passed amendments to the PDPL.

On 7th September 2023, SDAIA published the Implementing Regulations to the PDPL and the Personal Data Transfers Regulations. The Implementing Regulations and the Regulations on Personal Data Transfers provide details on the general obligations and principles highlighted in the PDPL. The regulations and the PDPL then came into force on 14 September 2023. However, organizations that process personal data have been provided with a one-year grace period to modify their practices and comply with the new legislative requirements. The grace period will effectively end on 14 September 2024.

Green Circle Cybersecurity, in collaboration with EC-Council, is proud to announce the launch of an exclusive workshop in Saudi Arabia aimed at raising awareness about the Personal Data Protection Law (PDPL). This initiative targets both companies and individuals, providing essential insights into the key regulatory requirements, compliance strategies, and best practices to safeguard personal data. The workshop will empower participants with the knowledge needed to align their operations with PDPL mandates, reinforcing data privacy and security across various sectors. Through this collaboration, Green Circle Cybersecurity and EC-Council are committed to promoting a culture of data protection, supporting Saudi Arabia’s vision of enhanced digital resilience and compliance with global privacy standards

Register now