Page Content
Laws and
Regulations
SDAIA Regulatory Arrangements
The regulatory arrangements of the Saudi Data & AI Authority were issued by Council of Ministers Resolution No. (292) dated 27/4/1441 AH, and were amended by Council of Ministers Resolution No. (195) dated 15/3/1444 AH.
For more:
Download
View
Policies & Regulations
The data produced, received, or dealt with by government and private entities is one of the most important national assets that contribute to improving performance and productivity and facilitating the provision of public services. As a result, Saudi Arabia aims to implement the best global practices for national data management and governance policies and controls, protect personal data, and increase the value learned from it in order to make strategic decisions, anticipate the future, and uphold the highest standards of accountability and transparency. The value of data as an economic resource that fosters innovation, supports economic transformations, and heightens national competitiveness is being sought after by nations all over the world. Governmental organizations on a national scale gather and process enormous amounts of data that can be used to support economic growth and elevate the Kingdom to pioneership in data-driven economies. In light of Vision 2030, the Kingdom seeks a new era that improves the efficiency of governmental entities, raises their standards of accountability and transparency, and promotes economic diversification and the use of data-driven services. This will play a significant part in the trust- and international partnership-based global economy.
In light of this, the Saudi Data & AI Authority and its legislative arm, the National Data Management Office, the national regulator and reference body for data management and governance, have created a data governance framework at the national level that outlines the laws and regulations for national data management and governance as well as the protection of personal data. This framework has been approved by the SDAIA Board of Directors.
Learn More about the Policies and Regulations:
Data classification Policy and Regulations
The Policy & Regulations set the framework for classifying the data received, produced, or dealt with by public entities, regardless of their source, form, or nature.
Personal Data Protection Law and The implementing Regulation
The law and The implementing Regulation set out the bases for the protection of personal data, the rights of data subjects, and the obligations of controllers
Rules of Procedure on Committees for Reviewing Violations of the Provisions of the Personal Data Protection Law and Its Implementing Regulations
The Rules of Procedure on Committees for Reviewing Violations of the Provisions of the Personal Data Protection Law aim to regulate and govern the committees' procedures in accordance with the PDP Law and its Implementing Regulations.
Rules for Appointing Personal Data Protection Officer
These rules clarify the cases in which a personal data protection officer must be appointed at controller to the application of the provisions of the personal data protection law and its implementing regulations, and the minimum requirements for appointment.
Data Sharing Policy and Regulations
The policy and regulations regulate the sharing of data produced by government entities with other government entities, private entities, and individuals.
Freedom of Information Policy and Regulations
The policy and the regulations outlines the fundamentals and guiding principles of data freedom and applies to requests made by individuals to access or obtain unprotected public data generated by public entities.
Open Data Policy and Regulations
The policy and regulations set out the regulatory frameworks for open data, which is a subset of public information.
Risk Assessment Guideline for Transferring Personal Data Outside the Kingdom:
This guideline aims to clarify the main stages and practical steps to assess the risks of transferring personal data outside the Kingdom or disclosing it to entities outside the kingdom, while taking into consideration the main stages of assessing the negative impact and potential risks associated with processing personal data in general.
Elaboration and Developing Privacy Policy Guideline
This guideline aims to guide entities subject to the provisions of Personal Data Protection Law and its Implementing Regulations, through the preparation and development of their privacy policy.
Minimum Personal Data Determination Guideline
This guideline has been developed for entities subject to the PDPL and its Implementing Regulations to assists these entities in fulfilling the purpose of processing Personal Data while avoiding the collection of unnecessary Personal Data.
The Rules Governing the National Register of Controllers Within the Kingdom
These rules aim to determine and understand the extent to which Controllers are obligated to register in the National Data Governance Platform.
Guidelines for Binding Common Rules (BCR) For Personal Data Transfers
This guideline aims to specify the obligations of the parties involved in the transfer when personal data is transferred or disclosed to a country or international organization that does not have an adequate level of protection for personal data.
Standard Contractual Clauses For Personal Data Transfers
These Clauses are one of the appropriate safeguards that Controllers and Processors may use in addition to the Binding Common Rules (BCR) and accreditation certificates from a body licensed by the Competent Authority.
Personal Data Destruction, Anonymization, and Pseudonymisation Guideline
This guideline aims to assist entities in determining the cases where personal data should be destroyed or anonymized.
Personal Data Disclosure Cases Guideline
This guideline aims to assist entities in determining the cases and restrictions of personal data disclosure.
Personal Data Processing Activities Records Guideline
This guideline aims to assist entities in preparing records of personal data processing activities.
Personal Data Breach Incidents Procedural Guide
This guide Aims to outline the necessary procedures to deal with personal data breaches and reduce the consequences and risks influencing Data Subjects in accordance with the Law and its Implementing Regulations.
Principles and Controls of AI Ethics
Given the rapid growth of practices and technologies in the field of AI and the diversity seen in the use of various applications in many fields, which has an effective role in accelerating the pace of decision-making and its optimal use, the principles and controls of AI ethics contribute to the application of ethics during the stages of the development lifecycle of AI systems. These principles also help support initiatives of research, development and innovation in the Kingdom, which is reflected in the quality of services provided by the Kingdom to individuals to ensure the responsible use of AI technologies.
Generative Al Guideline
There are two versions of this guideline. The first version directed toward government employees. The second version is for the public. Both versions provide guidelines regarding adoption and use of generative artificial intelligence systems. It also include examples based on common scenarios that entities may address. It also highlights the challenges and considerations associated with the use of generative artificial intelligence, proposes principles for responsible use, and presents recommended practices
For more, see the Generative Al Guidelines:
Generative Al Guideline for Government
Generative Al Guideline for Public
AI Adoption Framework
The AI adoption framework is a guiding reference that provides a comprehensive approach for AI adoption across all sectors. It aims to establish directions, guidelines, and identify key steps in according with best practices. The AI adoption framework helps ensure achievement of desired goals through the optimal and responsible use of AI..
For more, see the AI Adoption Framework:
#6459a7
Small
Yes
Theme1
No