Damascus: The Saudi Data and Artificial Intelligence Authority (SDAIA) has invited the public, specialists, and relevant entities to provide feedback on draft guidelines for licensing personal data protection activities and issuing accreditation certificates through the unified electronic platform for public and government consultations, Istitlaa. The initiative aims to engage stakeholders in strengthening the Kingdom's regulatory framework for personal data protection.
According to Saudi Press Agency, the consultation seeks to support decision-making related to regulating auditing, inspection, and accreditation activities for personal data processing. It also aims to enhance compliance with the Personal Data Protection Law and its implementing regulations while strengthening public confidence in the services and products provided by data controllers and processors.
The draft guidelines include three documents: the Accreditation Certificate Standards Guide for Data Controllers and Processors, the Standards Guide for Licensing Personal Data Processing Audit and Inspection Activities, and the Standards Guide for Licensing Accreditation Certificate Activities for Data Controllers and Processors. The guidelines are based on the regulations issued by the competent authority governing these activities.
The Accreditation Certificate Standards Guide outlines the criteria for assessing compliance by data controllers and processors with the Personal Data Protection Law and its implementing regulations, contributing to higher compliance levels and stronger personal data protection practices.
Meanwhile, the guides for licensing audit, inspection, and accreditation certification activities define the standards and requirements that entities must meet to obtain licenses to carry out these activities. The objective is to ensure the competence of licensed entities and the quality of their services in auditing, inspection, and certification.
The guidelines also encourage entities subject to the Personal Data Protection Law to adopt practices that comply with the law, its implementing regulations, and related guidance issued by the competent authority, including appropriate safeguards for the transfer or disclosure of personal data outside the Kingdom. These measures are intended to improve compliance among data controllers and processors and reinforce public trust in services and products that rely on personal data.