Adherence to the Personal Data Protection Law and Data Governance Policies, Regulations and Rules
| No: 43045328 | Date(g): 23/12/2021 | Date(h): 19/5/1443 | Status: In-Force |
Translated Document
Referring to the Personal Data Protection Law, issued by Royal Decree No. (M/19) dated 09/02/1443H*, and to the policies, controls and rules issued by the Saudi Data and Artificial Intelligence Authority and the National Data Management Office regarding data governance, based on the powers vested to the same under Cabinet Resolution No. (292) dated 27/04/1441H. Given that the Law, policies, controls and rules referred to above contribute to protecting and building confidence in the data sector in KSA, and that some of the above shall be implemented by the financial institutions supervised by SAMA, SAMA would like to emphasize the following:
First: Review the approved internal policies and procedures and ensure their compatibility and/or amendment in accordance with the following:
- Personal Data Protection Law issued by the Royal Decree * referred to above, within the legally specified period for commitment.
- Policies, controls and rules issued by the Saudi Data and Artificial Intelligence Authority, which can be accessed via the following electronic link: (sdaia.gov.sa/ndmo).
Second: Evaluate the organizational gaps (Gap Analysis) with the Law, policies, controls and rules referred to above and develop a time plan to correct and present them to the Board of Directors for approval.
Communication in this regard with SAMA shall be via the following e-mail: (CRC.Compliance@SAMA.GOV.SA).
*This Law has been amended by Royal Decree No. M/148 dated 05/09/1444H.