SDAIA Issues Rules Governing Personal Data Protection Licensing, Accreditation
The Saudi Data and AI Authority (SDAIA) issued two regulatory documents: the Rules Governing the Licensing of Activities for Issuing Accreditation Certificates to Controllers and Processors and the Auditing and Inspection of Personal Data Processing Activities, and the Rules Governing the Issuance of Accreditation Certificates to Controllers and Processors.
The moves come as part of SDAIA's ongoing efforts to develop the regulatory environment for personal data protection, raise compliance levels, and strengthen regulatory practices associated with personal data processing activities in the Kingdom.
The Rules Governing the Licensing of Activities for Issuing Accreditation Certificates to Controllers and Processors and the Auditing and Inspection of Personal Data Processing Activities aim to establish the rules and procedures governing the granting of licenses to entities seeking to undertake accreditation certificate issuance, as well as auditing and inspection of personal data processing activities carried out by controllers and processors, thereby regulating these activities related to personal data protection.
The Rules Governing the Issuance of Accreditation Certificates to Controllers and Processors seek to enhance the level of compliance of entities subject to the provisions of the Personal Data Protection Law and its Implementing Regulations, and to strengthen the practices and procedures adopted by controllers and processors in matters related to personal data protection.
Both documents aim to encourage entities falling within the scope of the Personal Data Protection Law to adopt practices compliant with its provisions, its Implementing Regulations, and the documents issued by the competent authority regarding its application, including applying appropriate safeguards when transferring or disclosing personal data outside the Kingdom. This will contribute to enhancing individuals’ trust in data-driven services and products provided by such entities.
SDAIA will announce in due course the start of receiving registration requests through the National Data Governance Platform in preparation for accepting license applications. The specific standards governing these activities, as well as the standards for issuing accreditation certificates, will be announced at that time.
The two documents are available on SDAIA’s official website via the designated links:
https://sdaia.gov.sa/ar/SDAIA/about/Files/RulesGoverningIssuanceAccreditationCertificatesControllersProcessers-ar.pdf, https://sdaia.gov.sa/ar/SDAIA/about/Files/CertificatesControllersProcessorsAuditingInspectionPersonalDataProcessingActivities-ar.pdf.
