Organizations should prioritize compliance efforts in light of mounting regulatory scrutiny and potential fines.
By Brian A. Meenagh, Danielle van der Merwe, and Faisal Imam*
The Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL) is now firmly in its active enforcement phase. The one-year grace period granted to organizations to achieve compliance ended on September 14, 2024, and the Saudi Data and Artificial Intelligence Authority (SDAIA) has moved from awareness-building and guidance to regulatory action. Businesses operating