saudi-pdpl.com

Search Bar with Scrollable Suggestions

SAUDI PDPL

BLOG

Menu

FAQ

Table of Contents

Article 1

Article 2

Article 3

Article 4

Article 5

Article 6

Article 7

Article 8

Article 9

Article 10

Article 11

Article 12

Article 13

Article 14

Article 15

Article 16

Article 17

Article 18

Article 19

Article 20

Article 21

Article 22

Article 23

Article 24

Article 25

Article 26

Article 27

Article 28

Article 29

Article 30

Article 31

Article 32

Article 33

Article 34

Article 35

Article 36

Article 37

Article 38

Article 39

Article 40

Article 41

Article 42

Article 43

Article 30

  1. Without prejudice to the provisions of this Law and the powers of the Saudi Central Bank pursuant to applicable legal provisions, the Competent Authority shall be the entity in charge of overseeing the implementation of this Law and the Regulations.

  2. The Regulations shall identify the situations where the Controller shall appoint one or more persons as personal data protection officer(s). and shall set the responsibilities of any such person in accordance with the provisions of this Law.

  3. The Controller shall cooperate with the Competent Authority in performing its duties to supervise the implementation of the provisions of this Law and the Regulations, and shall take such steps as necessary in connection with the related matters referred to the Controller by the Competent Authority.

  4. The Competent Authority, in order to carry out its duties related to supervising the implementation of the provisions of the Law and Regulations, may:

    A. Request the necessary documents or information from the Controller to ensure its compliance with the provisions of the Law and Regulations.

    B. Request the cooperation of any other party for the purposes of support in accomplishing supervisory duties and enforcement of the provisions of the Law and Regulations.

    C. Specify the appropriate tools and mechanisms for monitoring Controllers’ compliance with the provisions of the Law and the Regulations, including maintaining a national register of Controllers for this purpose.

    D. Provide services related to Personal Data protection through the national register referred to in Subparagraph (c) of this Paragraph or through any other means deemed appropriate. The Competent Authority may collect a fee for the Personal Data protection services it may provide.

  5. The Competent Authority may, at its discretion, delegate to other authorities the accomplishment of some of its duties that are related to supervision or enforcement of the provisions of the Law and Regulations.
Article 29
Article 31
Scroll to Top