PDPL
نظام حماية البيانات الشخصية
Also known as: Personal Data Protection Law
PDPL (Personal Data Protection Law) is Saudi Arabia's GDPR-equivalent legislation, enforced from September 2024 by SDAIA. It mandates lawful basis for processing, data-subject rights (access, deletion, portability), 72-hour breach notification, and data residency: personal data of Saudi residents must stay in-kingdom unless the recipient jurisdiction has SDAIA-approved adequacy. CCTV footage,…
Definition
PDPL (Personal Data Protection Law) is Saudi Arabia's GDPR-equivalent legislation, enforced from September 2024 by SDAIA. It mandates lawful basis for processing, data-subject rights (access, deletion, portability), 72-hour breach notification, and data residency: personal data of Saudi residents must stay in-kingdom unless the recipient jurisdiction has SDAIA-approved adequacy. CCTV footage, biometric data, and worker images all qualify as personal data. FI Tech architects every deployment with PDPL by design — local edge inference, kingdom-resident storage, anonymized telemetry to overseas analytics, and DPA contracts with every customer. Non-compliance fines reach SAR 5 M + criminal liability.
