Latham & Watkins

Subscribe to Latham & Watkins's Posts
Flowing particle lines

Organizations should prioritize compliance efforts in light of mounting regulatory scrutiny and potential fines.

By Brian A. MeenaghDanielle van der Merwe, and Faisal Imam*

The Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL) is now firmly in its active enforcement phase. The one-year grace period granted to organizations to achieve compliance ended on September 14, 2024, and the Saudi Data and Artificial Intelligence Authority (SDAIA) has moved from awareness-building and guidance to regulatory action. Businesses operating

RESTRICTED IMAGE - DO NOT USE

The PDPL has broad extraterritorial scope and substantial penalties for non-compliance, with full enforcement expected to start in September.

By Brian A. Meenagh and Lucy Tucker

The Personal Data Protection Law (PDPL) is the first comprehensive data protection law in Saudi Arabia. The Saudi Data and Artificial Intelligence Authority (SDAIA) is expected to start full enforcement of the PDPL from 14 September 2024, after the current compliance transition period ends. SDAIA emphasised that it expects entities to take measures to achieve compliance with the PDPL by the September deadline.