SDAIA Personal Data Protection Law
SDAIA PDPL (نظام حماية البيانات الشخصية)
Overview
Framework Domains (6)
This framework is organized into 6 domains covering 20 controls in total.
Domain 1: Privacy Governance and Accountability
Covers the organisational governance structures, designated privacy roles (DPO), privacy impact assessments, records of processing activities, and management of data processors to ensure accountable personal data handling under SDAIA PDPL.
Domain 2: Lawful Basis and Consent
Covers consent management, legitimate bases for processing without consent, and purpose limitation and data minimisation principles under SDAIA PDPL.
Domain 3: Transparency and Individual Rights
Covers privacy policy requirements, collection notice obligations, the full framework of data subject rights, and the handling of data subject requests under SDAIA PDPL.
Domain 4: Data Quality and Retention
Covers data accuracy obligations, personal data retention management, correction and update notification, and compliant data destruction under SDAIA PDPL.
Domain 5: Data Disclosure, Transfer and Special Processing
Covers personal data disclosure controls, cross-border data transfer requirements, direct marketing, scientific and research processing, and special handling of official documents under SDAIA PDPL.
Domain 6: Data Security and Breach Management
Covers the implementation of technical and organisational security measures to protect personal data, and the management of personal data breach notifications to SDAIA and data subjects as required under PDPL.
Detailed control mapping and audit workflows are available in the Framework Browser demo.