Version: 1.0.0-beta

PDPL Compliance

AIIA supports the Saudi Personal Data Protection Law (PDPL) — the primary data privacy regulation issued by SDAIA governing the collection, processing, and storage of personal data.

Framework Details

Property	Value
Code	`PDPL`
Name	Personal Data Protection Law
Name (AR)	نظام حماية البيانات الشخصية
Issuing Body	SDAIA
Country	Saudi Arabia
Category	Regulatory

PDPL Domains

Domain	Key Requirements
Data Collection	Lawful basis, consent management, purpose limitation
Data Processing	Minimization, accuracy, processing records
Data Subject Rights	Access, rectification, erasure, portability
Data Transfer	Cross-border transfer restrictions, adequacy decisions
Data Security	Technical and organizational measures
Breach Notification	Notification to SDAIA and data subjects
Data Protection Officer	DPO appointment and responsibilities

Using PDPL in AIIA

Enable and Map

Navigate to Compliance → Frameworks → PDPL
Enable the framework
Map your data protection controls to PDPL requirements
Assess compliance status for each requirement

Privacy Impact Assessment

Create questionnaires aligned with PDPL requirements:

Data inventory and classification
Consent mechanisms assessment
Data subject rights processes
Cross-border transfer analysis

Evidence Collection

For each PDPL requirement, attach evidence:

Privacy policies and notices
Consent records
Data processing agreements
Technical security measures documentation

Cross-Framework Mapping

PDPL requirements overlap with:

GDPR — many shared concepts (consent, subject rights, breach notification)
NCA ECC — data security controls overlap
ISO 27001 — information security management controls

Bilingual Support

All PDPL requirements are available in Arabic and English, matching the official regulation language.

Framework Details​

PDPL Domains​

Using PDPL in AIIA​

Enable and Map​

Privacy Impact Assessment​

Evidence Collection​

Cross-Framework Mapping​

Bilingual Support​