​

The National Data Management Office (NDMO) defines data management as the process of developing and implementing plans, policies, programs, practices, and overseeing them to enable entities to govern data and enhance its value as a valuable asset. The goal of data management is to assist the organization and decision-makers in improving the use of data for more accurate decision-making. The Saudi Data & Artificial Intelligence Authority (SDAIA) issued a the Personal Data Protection Law (PDPL), which requires the controlling of entity to take the organizational and technical measures that are necessary to ensure protection of personal data. So, SCS will develop, manage, update and improve the Privacy and Data Protection Framework within  the organization based on PDPL, and ensure the implementation of all principles, objectives (controls), policies and procdures  are aligned with KSA Personal Data Protection Law (PDPL) regulations  and  best practice and industry standards for both national and international standards and regulations.

​

The PDPL applies "to any processing of personal data related to individuals that takes place in the Kingdom by any means, including the Processing of Personal Data related to individuals residing in the Kingdom by any means from any party outside the Kingdom. This includes the data of the deceased if it would lead to them or a member of their family being identified specifically."

​

The takeaway, then, is that under the PDPL, any entity, whether public or private, that processes personal information of KSA residents has to comply. This means that whether your business is located in the KSA, or you operate outside but process the personal information of KSA residents, the law applies to you. For example, if your business is located outside of the KSA but sells goods or services to KSA residents and collects information from those residents, you must comply with this regulation. 

​

• SCS will review and identify the core operational processes within the organization, identifying the key touchpoints which either require or hold personal data.

• SCS will conduct gap analysis to enable processes to be rectified accordingly.

• SCS will Identify data privacy compliance gaps and risks.

• SCS will  develop recommendations to remediate identified gaps.

• SCS will re-calibration of the project plan/scope

• SCS will develop Data Privacy Implementation Roadmap and Plan

• SCS will conduct high level analysis of existing data privacy organization structure, framework, policies, processes and tools through interviews and review of current data privacy artifacts.