Personal Data Protection Law Committees to Impose Penalties on Confirmed Violations

The Committees for Reviewing Violations of the Provisions of the Personal Data Protection Law and its Regulations at the Saudi Data and AI Authority (SDAIA) issued decisions regarding confirmed violations last year.

 As part of their mandate to review violations and impose penalties under Article 36 of the law, the committees issued 48 decisions confirming violations and enforcing the legally prescribed penalties on data controllers within the law's scope and its implementing regulations.

 The violations reviewed by the committees included collecting and processing personal data, disclosing personal data without legal justification, and data controllers' failure to implement the appropriate organizational, administrative, and technical measures to maintain and protect personal data. The violations also included sending advertising and marketing messages to data subjects without their consent, in violation of the law.

 These measures are part of SDAIA's ongoing efforts to oversee the implementation of the Personal Data Protection Law and its Implementing Regulations.

 SDAIA's work is part of an integrated system designed to consolidate responsible personal data-handling practices, enhance compliance with relevant legal requirements, protect individuals' personal data as the law's primary objective, and enhance trust in digital activities.