Saudi Arab has shifted it’s focus on improving its digital economy under the Vision 2030 program. This has led to the creation of National Cybersecurity Authority (NCA), an organization in charge of the cyber security policies and standards in the country. Established in 2017, it has since then worked to improve the security posture of the country to safeguard critical infrastructures and sectors. Some of the key responsibilities of NCA include cyber security frameworks, controls and compliance, national cybersecurity strategy, planning and maintenance of cybersecurity operation centers, raising awareness among masses, encouraging innovation and investment, collaborations with private entities and so on.
Personal Data Protection Law (PDPL), published on 24 September 2021 is due to come into effect on 23 March 2022. This law defines a set of policies to process personal data and sets out rights of the personal data owners as well. It will require businesses to make significant changes in how they collect, process, and store personal information of clients. This law is applicable to personal information of all the residents of Kingdom of Saudi Arab, whether this information is being processed by entities that reside inside the KSA or by any outside entity. The processing of personal data includes collecting, modifying, disclosing, storing, transferring, destroying, or blocking personal individual data.