Riyadh,
The Saudi Data and AI Authority (SDAIA) has released a document outlining the rules for appointing a personal data protection officer (DPO). The document explains the circumstances under which controllers subject to the Personal Data Protection Law and its implementing regulations shall appoint a DPO, and sets minimum criteria for DPO appointment.
The document details the cases that require a controller to appoint a DPO. It outlines the DPO’s responsibilities, including supervising the enforcement of the law’s provisions and regulations, overseeing and monitoring the procedures applied by a controller, and receiving requests pertaining to personal data in compliance with the law’s stipulations and regulations.
Furthermore, DPOs are designated as a point of contact with the competent authority, SDAIA, executing its directives and guidelines concerning the enforcement of the law’s provisions and regulations.
SDAIA issued this document in accordance with Paragraph 2 of Article 30 of the Personal Data Protection Law, as issued under Royal Decree M/19, dated 09/02/1443 AH, and Paragraph 4 of Article 32 of the law’s implementing regulations.
The document can be accessed through SDAIA’s website at the following link: https://sdaia.gov.sa/ar/SDAIA/about/Documents/RulesforAppointingPersonalDataProtectionOfficer.pdf
–SPA