KSA PDPL – Article 4 (Data Subject Rights)

Simpler Explanation of Article 4 of the PDPL

Data Subject Rights

  1. Right to Know: You have the right to know why and how your personal data is being collected.
    Example: If a company wants your email address, they must tell you why they need it, like for sending newsletters.
  2. Right to Access: You can ask to see the personal data the company has about you.
    Example: If you want to check what information a store has about your purchases, you can request to see it.
  3. Right to Get Data in a Readable Format: You can ask to receive your data in a clear and understandable format.
    Example: If you request your data from a company, they should give it to you in a way that’s easy to read, like a PDF or spreadsheet.
  4. Right to Correct Data: You can ask to fix any mistakes or update your personal data.
    Example: If your address is wrong in a company’s records, you can ask them to correct it.
  5. Right to Delete Data: You can ask to delete your personal data when you no longer need it.
    Example: If you stop using a service, you can ask them to delete your account information.

To activate the rights outlined in Article 4 of the KSA PDPL (Data Subject Rights), you need to implement processes and policies that respect and facilitate these rights. By integrating these practices into your operations, you will better support individuals in exercising their data subject rights under the KSA PDPL.

You may activate each of these rights as follows:

  1. Right to Know
    Implementation: Create a clear and accessible privacy policy that outlines the purposes for collecting personal data, the methods of collection, and how the data will be used. This information should be easily accessible to individuals at the point of data collection.
    Example: When collecting email addresses for newsletters, provide a brief explanation at the point of collection (e.g., on a sign-up form) about why the email is needed and how it will be used.
  2. Right to Access
    Implementation: Establish a process for individuals to request access to their personal data. This includes creating a form or online portal where individuals can submit access requests and procedures for verifying their identity before granting access.
    Example: Set up a request form on your website where users can submit a request to view their purchase history and ensure there is a secure method for verifying the requester’s identity.
  3. Right to Get Data in a Readable Format
    Implementation: Develop procedures to provide personal data in a commonly used, readable format such as PDF or spreadsheet. Ensure that your data retrieval systems can export data in these formats.
    Example: When an individual requests their data, provide it in a clear format, such as an email attachment or downloadable link, ensuring that it is easily understandable.
  4. Right to Correct Data
    Implementation: Implement a system for individuals to request corrections or updates to their personal data. This should include a process for reviewing and making the necessary changes and notifying the individual once the update is complete.
    Example: Provide an online form or contact method for users to report inaccuracies in their address and ensure timely updates to your records.
  5. Right to Delete Data
    Implementation: Develop a process for handling data deletion requests. This should include verifying the requester’s identity, removing the data from your systems, and confirming the deletion to the individual.
    Example: When a user requests the deletion of their account information, follow a procedure to remove their data from your databases and send them a confirmation once the deletion is complete.

General Steps to Activate These Rights

  • Policy Development: Create and regularly update privacy policies and procedures to address these rights.
  • Training: Train employees on data subject rights and how to handle requests.
  • Technology: Implement and maintain technology solutions that support the efficient handling of these rights.
  • Compliance Monitoring: Regularly audit and review processes to ensure compliance with data subject rights.
