SDAIA-PDPL

SDAIA Personal Data Protection Law

Overview

SDAIA PDPL (Personal Data Protection Law)

Framework Domains (6)

This framework is organized into 6 domains covering 20 controls in total.

Domain 1: Privacy Governance and Accountability

4 controls in this domain

Covers the organisational governance structures, designated privacy roles (DPO), privacy impact assessments, records of processing activities, and management of data processors to ensure accountable personal data handling under SDAIA PDPL.

Domain 2: Lawful Basis and Consent

3 controls in this domain

Covers consent management, legitimate bases for processing without consent, and purpose limitation and data minimisation principles under SDAIA PDPL.

Domain 3: Transparency and Individual Rights

4 controls in this domain

Covers privacy policy requirements, collection notice obligations, the full framework of data subject rights, and the handling of data subject requests under SDAIA PDPL.

Domain 4: Data Quality and Retention

3 controls in this domain

Covers data accuracy obligations, personal data retention management, correction and update notification, and compliant data destruction under SDAIA PDPL.

Domain 5: Data Disclosure, Transfer and Special Processing

4 controls in this domain

Covers personal data disclosure controls, cross-border data transfer requirements, direct marketing, scientific and research processing, and special handling of official documents under SDAIA PDPL.

Domain 6: Data Security and Breach Management

2 controls in this domain

Covers the implementation of technical and organisational security measures to protect personal data, and the management of personal data breach notifications to SDAIA and data subjects as required under PDPL.

Detailed control mapping and audit workflows are available in the Framework Browser demo.

