The PDPL has broad extraterritorial scope and substantial penalties for non-compliance, with full enforcement expected to start in September.

By Brian A. Meenagh and Lucy Tucker

The Personal Data Protection Law (PDPL) is the first comprehensive data protection law in Saudi Arabia. The Saudi Data and Artificial Intelligence Authority (SDAIA) is expected to start full enforcement of the PDPL from 14 September 2024, after the current compliance transition period ends. SDAIA emphasised that it expects entities to take measures to achieve compliance with the PDPL by the September deadline.  

Organisations subject to the law should carry out a gap analysis of their current compliance position against the new requirements.

By Brian A. Meenagh, Alexander Hendry, and Lucy Tucker

The United Arab Emirates (UAE) has issued its first federal data protection law (Federal Decree Law No. 45/2021 on the Protection of Personal Data) (the Data Protection Law), alongside a law establishing the new UAE Data Office (Federal Decree Law No. 44/2021 on Establishing the UAE Data Office).

The issuance of the Data Protection Law follows a trend of new data protection laws in the Middle East, including a data protection law in Saudi Arabia that will come into force on 23 March 2022.

Global cyber-attack threats stand at the highest ever recorded level, jumping 14 percent from 2012 to 2013 (Cisco 2014 Annual Security Report). Furthermore, a recent Microsoft Security Intelligence Report found that operating system infection rates in the GCC countries were almost twice the worldwide average, with up to 13 computers out of every 1,000 being infected.

The general lack of cybercrime disclosure has made measuring the financial impact of cyber breaches challenging. Reporting of cyber attacks remain

Latham & Watkins’ Middle East Technology, IP and Sourcing team has just published the sixth edition of Middle East and Africa Technology, IP and Sourcing Focus.

This edition includes a white paper on preparing a statement of work for a technology or sourcing transaction, guidance on US Trade Controls for companies operating in Qatar, Saudi Arabia, South Africa and the United Arab Emirates, a primer on Data Protection in Saudi Arabia and a round-up of the latest noteworthy telecommunications

Although some surveys of privacy law suggest otherwise, privacy requirements do in fact exist in the Kingdom of Saudi Arabia (KSA) and are very relevant to companies operating there or seeking to provide services to customers in KSA.

Background

The paramount body of law in KSA is the Sharīʿah. The Sharīʿah is comprised of a collection of fundamental principles derived from a number of different sources, which include the Holy Qu’ran and the Sunnah, which are the witnessed sayings and