In case of any discrepancy between translations, the English version of this document shall prevail.

PDPL Compliance - Saudi Arabia

Last updated: February 8, 2026

Tehnolabs Systems OÜ is committed to compliance with the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL). We serve clients in Saudi Arabia and process personal data of individuals located in the Kingdom in accordance with PDPL requirements.

About Saudi Arabia's PDPL

The Personal Data Protection Law (PDPL) came into force on 14 September 2023 and became fully enforceable on 14 September 2024. The law is administered by the Saudi Authority for Data and Artificial Intelligence (SDAIA).

Key Fact: The PDPL applies to organizations based in Saudi Arabia and foreign organizations that process personal data of individuals located in Saudi Arabia, regardless of where the processing takes place.

Our PDPL Compliance

We ensure full compliance with PDPL requirements:

  • Data Processing Principles: Lawful, fair, and transparent processing
  • Consent Management: Clear, informed consent for data collection
  • Data Subject Rights: Mechanisms to exercise individual rights
  • Security Measures: Technical and organizational safeguards

Your Rights Under PDPL

If you are located in Saudi Arabia, you have the following rights:

1. Right to Access

You can request access to your personal data and information about how it is processed.

2. Right to Rectification

You can request correction of inaccurate or incomplete personal data.

3. Right to Erasure

You can request deletion of your personal data under certain circumstances.

4. Right to Object

You can object to certain types of data processing.

5. Right to Data Portability

You can request your data in a structured, commonly used format.

6. Right to Withdraw Consent

You can withdraw your consent to data processing at any time.

Data Processing Principles

We adhere to the following PDPL data processing principles:

  • Lawfulness and Fairness: All processing has a lawful basis and is conducted fairly
  • Transparency: Clear information provided about data collection and use
  • Purpose Limitation: Data collected only for specified, legitimate purposes
  • Data Minimization: Only necessary data is collected
  • Accuracy: Personal data is kept accurate and up to date
  • Storage Limitation: Data retained only as long as necessary
  • Integrity and Confidentiality: Appropriate security measures implemented

Cross-Border Data Transfers

When transferring personal data from Saudi Arabia to other countries, we ensure:

  • Consent: We obtain your explicit consent for international data transfers
  • Adequate Protection: We ensure the receiving country provides adequate data protection
  • Safeguards: We implement appropriate safeguards including:
    • Standard Contractual Clauses (SCCs)
    • Binding Corporate Rules (BCRs)
    • Certificates of accreditation

Data Breach Notification

In accordance with PDPL requirements:

  • We will notify SDAIA within 72 hours of becoming aware of a data breach
  • You will be notified without undue delay if the breach poses a risk to your rights
  • We maintain comprehensive incident response procedures
  • All breaches are documented and investigated thoroughly

Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for:

  • Monitoring PDPL compliance
  • Conducting data protection impact assessments
  • Serving as the point of contact for data subjects
  • Cooperating with SDAIA
  • Maintaining records of processing activities

Contact our DPO:
Email: dpo@tehnolabs.com

Record of Processing Activities

We maintain comprehensive records of all processing activities, including:

  • Name and contact details of the data controller
  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients of personal data
  • International data transfers and safeguards
  • Retention periods
  • Security measures implemented

Penalties and Enforcement

PDPL non-compliance can result in significant penalties:

  • Fines up to SAR 5 million (approximately USD 1.3 million)
  • Fines can be doubled for repeat offenses
  • Imprisonment for up to 2 years for certain violations
  • Additional administrative penalties

We take compliance seriously and have implemented comprehensive measures to ensure adherence to all PDPL requirements.

Regulatory Authority

PDPL is administered and enforced by:

Saudi Authority for Data and Artificial Intelligence (SDAIA)
Website: sdaia.gov.sa

You have the right to lodge a complaint with SDAIA if you believe we have not complied with PDPL.

Data Protection Impact Assessments

For high-risk processing activities, we conduct Data Protection Impact Assessments (DPIAs) that:

  • Identify and assess privacy risks
  • Evaluate necessity and proportionality
  • Determine appropriate mitigation measures
  • Document the assessment process
  • Review and update regularly

Exercising Your Rights

To exercise your rights under PDPL:

  1. Contact our Data Protection Officer at dpo@tehnolabs.com
  2. Provide sufficient information to verify your identity
  3. Specify which right you wish to exercise
  4. We will respond within the timeframe required by PDPL
  5. If we cannot fulfill your request, we will explain why

Contact Information

For questions about PDPL compliance or to exercise your rights:

Tehnolabs Systems OÜ
Data Protection Officer: dpo@tehnolabs.com
Privacy Inquiries: privacy@tehnolabs.com

We are committed to protecting your personal data and respecting your privacy rights under Saudi Arabia's PDPL.