Table of Contents
Article 1
Article 2
Article 3
Article 4
Article 5
Article 6
Article 7
Article 8
Article 9
Article 10
Article 11
Article 12
Article 13
Article 14
Article 15
Article 16
Article 17
Article 18
Article 19
Article 20
Article 21
Article 22
Article 23
Article 24
Article 25
Article 26
Article 27
Article 28
Article 29
Article 30
Article 31
Article 32
Article 33
Article 34
Article 35
Article 36
Article 37
Article 38
Article 39
Article 40
Article 41
Article 42
Article 43
Article 33
- The Competent Authority shall set the requirements for practicing commercial, professional or non-profit activities related to Personal Data protection in the Kingdom, in
coordination with the competent authorities, and without prejudice to the other requirements set by those authorities in their domain of competence. - The Competent Authority may grant licenses to entities that issue accreditation certificates to Controllers and Processors. The Competent Authority shall set the rules to regulate the issuance of such certificates.
- The Competent Authority may grant licenses to entities that conduct audits or checks of Personal Data Processing activities related to the Controller’s activity, in accordance with the provisions stipulated in the Regulations. The Competent Authority shall set the conditions and criteria to grant such licenses, and the rules regulating them.
- The Competent Authority shall specify the appropriate tools and mechanisms to monitor compliance of Controllers and Processors outside the Kingdom in regard with their obligations as stated in the Law and the Regulations when Processing personal data related to individuals residing in the Kingdom by any means, and shall define procedures to enforce the provisions of the Law and the Regulations outside the Kingdom.