SDAIA released guidelines outlining the rules and criteria for appointing a Personal Data Protection Officer (DPO), detailing when and why a DPO must be appointed under the Personal Data Protection Law.
The document specifies the DPO’s responsibilities, including overseeing the enforcement of data protection regulations, monitoring compliance, and handling personal data requests.
The DPO will act as the main contact with SDAIA, ensuring adherence to legal directives and guidelines, with the document available for review on SDAIA’s official website.
Riyadh, August 28, 2024 — The Saudi Data and Artificial Intelligence Authority (SDAIA) has recently unveiled a comprehensive document detailing the rules for appointing a Personal Data Protection Officer (DPO). This crucial document clarifies the circumstances under which a DPO must be appointed by controllers subject to the Personal Data Protection Law and its associated regulations.
The newly released guidelines offer clear insights into the scenarios that necessitate the appointment of a DPO. They delineate the minimum criteria that must be met for an individual to be appointed to this role. The responsibilities of the DPO, as outlined in the document, are pivotal. They include supervising the implementation and enforcement of the law’s provisions, monitoring and overseeing compliance procedures enforced by the controller, and managing requests related to personal data in alignment with legal requirements.
Additionally, the DPO is designated as the primary point of contact with SDAIA. They are responsible for executing SDAIA’s directives and guidelines concerning the enforcement of data protection regulations. This role ensures that controllers remain compliant with the Personal Data Protection Law and its regulations.
This document was issued in accordance with Paragraph 2 of Article 30 of the Personal Data Protection Law, enacted under Royal Decree M/19, dated 09/02/1443 AH, and Paragraph 4 of Article 32 of the law’s implementing regulations. For further details, the document is available on SDAIA’s official website through the following link: [SDAIA Document on DPO Appointment](https://sdaia.gov.sa/ar/SDAIA/about/Documents/RulesforAppointingPersonalDataProtectionOfficer.pdf).