Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
EU - Saudi Arabia: GDPR v. PDPL
In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Personal Data Protection Law (PDPL) (available in Arabic here and in English here).
The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the PDPL with the GDPR.
You can access the latest version of the report here.
What is the PDPL?
The PDPL is Saudi Arabia's first comprehensive and unified national data protection law, and was issued in September 2021 to regulate the collection and processing of personal data. The PDPL has been implemented by Royal Decree No. M/19 of 9/2/1443H (16 September 2021) approving Resolution No.98 og 7/2/1443H (14 September 2021) and amended by Royal Decree No. M/147 of 5/9/1444H (21 March 2023), and came into effect on September 14, 2023.
Key highlights
The PDPL and the GDPR share some similarities, including:
- the same general concepts as well as the same language on occasion, particularly with regards to data processing principles and data subject rights;
- their approaches to legal bases; and
- the provision of a data protection authority to give effect to the respective data protection laws.
However, despite their similarities, the PDPA and the GDPR also differ sometimes in their approach, such as:
- the PDPL provides less detailed information on the exercise of data subject rights;
- the PDPL has more restrictive data transfer obligations; and
- the PDPL has less extensive principles and legal bases for processing personal data, with emphasis on consent as requirement for lawful processing.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
