Onetrust All Rights Reserved
On Demand

PrivacyConnect UAE

1 hour | October 26, 2021 |1PM | GST (GMT+4)


Data Residency in Saudi Arabia’s Personal Data Protection Law

PrivacyConnect brings together local privacy professionals in their communities to discuss the latest trends in privacy and security, review regulatory updates, and share best practices for implementing privacy programs in practice.  

Saudi Arabia’s new Personal Data Protection Law has been published in the Official Gazette. This has triggered a 180-day period that will see the Law come into effect on 23 March 2022.  Controlling entities will have 1 year from this date to achieve compliance.

The Law applies to the processing of personal data of individuals in the Kingdom and to processing by any entity outside the Kingdom in respect of data subjects inside the Kingdom. There are several familiar data protection principles and obligations present. These include accountability, purpose limitation, transparency, accuracy, the appointment of a data protection officer (DPO), a requirement for records of processing activities and data protection impact assessments.


A topic which has historically demanded the ongoing attention of both local companies and multi-national organisations is the evolving data residency landscape in Saudi Arabia. In keeping with this trend, Article 29 of the Law provides that except in cases where a threat to the life of the data subject exists, the controlling entity may not transfer personal data outside the Kingdom or disclose it to a party outside the Kingdom, unless this is in implementation of an obligation under a convention to which the Kingdom is a party, or to serve the interests of the Kingdom, or for other purposes as determined by the Regulations after certain conditions are met.


This webinar will take the form of a virtual fireside chat. Our panel members will leverage their considerable experience working in the Kingdom and offer their personal perspectives on how this Art. 29 requirement of data residency is likely to play out once the Executive Regulations are released. This will include how the competent authority may approve a transfer or disclosure as determined by the Regulations, or potentially exempt a controlling entity from being bound by any of the conditions set out by the Law. There will also be time for Q&A.


1:00pm | Welcome and Introduction
1:05pm | Data Residency in Saudi Arabia’s Personal Data Protection Law
1:50pm | Closing and Q&A


The speaker Paul Mccormack, 's profile image
Paul Mccormack,

Global Lead Counsel for Privacy and Cybersecurity,


The speaker Nick O'Connell, 's profile image
Nick O'Connell,

Partner and Head of Digital & Data - Saudi Arabia,

Al Tamimi & Company

The speaker Dale Waterman, 's profile image
Dale Waterman,


PrivacyConnect UAE

Watch Video

Note: All fields marked with * are required
(Important: event info will be sent to this e-mail address.)

I’d like email updates on local privacy events and news, resources and products to stay connected with my community. Unsubscribe at any time.

I’d like a solution expert to provide product information or show me a custom demo of the OneTrust platform

How would you like us to contact you?

By clicking register below I confirm that I have read, understood and accepted the OneTrust Event Registration Terms.

Privacy Notice

You can learn more about how we handle your personal data and your rights by reviewing our privacy notice.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Might Also Be Interested In

NOV 30, 2021

PrivacyConnect Midlands

DEC 02, 2021

PrivacyConnect Belfast

DEC 07, 2021

VendorRiskConnect APAC

NOV 09, 2021

ESGConnect North America

OCT 26, 2021

ESGConnect North America

NOV 11, 2021

ESGConnect Europe

OCT 28, 2021

ESGConnect Europe

DEC 06, 2021

VendorRiskConnect North America

Onetrust All Rights Reserved