Data Privacy Rights (PDPL)

Source: Royal Decree No. M/19 of 2021 (Personal Data Protection Law); SDAIA Implementing Regulations; National Data Management Office Guidelines

Written in plain language for general understanding. This is educational content, not legal advice. Based on Saudi royal decrees, regulations, and ministerial decisions.

Saudi National Law

What is this right?

The Personal Data Protection Law (PDPL), enforced by the Saudi Data and Artificial Intelligence Authority (SDAIA), gives you control over your personal data:

  • Consent: Organizations must get your explicit consent before collecting, processing, or sharing your personal data (with limited exceptions for public interest).
  • Right to know: You can request information about what data is collected, why, and who it is shared with.
  • Right to access: You can request a copy of your personal data held by an organization.
  • Right to correction: You can ask organizations to correct inaccurate data about you.
  • Right to deletion: You can request deletion of your data when there is no legal basis for keeping it.
  • Data breach notification: Organizations must notify SDAIA and affected individuals of data breaches that pose a serious risk.

Violations can result in fines up to SAR 5,000,000 and imprisonment for intentional misuse of personal data.

When does it apply?

  • A company is collecting your personal data — name, ID number, phone, location, health records, or financial information.
  • You want to access, correct, or delete your data held by a company.
  • Your personal data was leaked or misused.

What should you do?

  • Read privacy notices before agreeing to data collection — know what you are consenting to.
  • Submit a data access request in writing to the organization's data protection officer.
  • If the organization ignores your request, file a complaint with SDAIA.
  • Report data breaches or misuse to SDAIA through its official channels.

What should you NOT do?

  • Do not share your national ID or financial data with untrusted websites or apps.
  • Do not ignore data breach notifications — change your passwords and monitor your accounts.
  • Do not assume consent is permanent — you can withdraw consent at any time for future processing.
