Abstract Article 20 of the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL) mandates that data controllers promptly notify the Competent Authority and affected data subjects in case of …
KSA PDPL – Article 19 (Comprehensive Organizational, Administrative, and Technical Measures for Personal Data Protection)
Abstract This paper provides an in-depth analysis of Article 19 of the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), focusing on the necessary organizational, administrative, and technical measures …
KSA PDPL – Article 18 (Data Retention and Deletion)
AbstractThis paper examines the key provisions and implications of Article 18 concerning data retention and deletion in relation to personal data management. The article mandates data controllers to destroy personal …
Big Data Security, Privacy, and Protection
Abstract The rapid expansion of Big Data technologies presents organizations with unparalleled opportunities for insights and innovation. However, this growth also introduces significant security and privacy challenges. This whitepaper explores …
KSA PDPL – Article 12 (Data Collection Transparency – The Role of Privacy Policies in Data Management)
Abstract This paper examines the critical role of privacy policies in data management, focusing on the obligations of data controllers under legal frameworks such as the KSA PDPL. It highlights …
Attribute-Based Access Control (ABAC) – A Modern Approach to Dynamic and Granular Security
Abstract As organizations evolve and expand their IT infrastructure, especially within cloud environments and hybrid systems, traditional access control models like Role-Based Access Control (RBAC) often fall short in addressing …
KSA NDMO – Personal Data Protection – Data Breach Management Process- PDP.3.2 P1
Explanation The Data Breach Management and Response Process outlines how an organization should handle and address data breaches. It details the steps for reviewing, responding to, and correcting breaches while …
KSA PDPL – Article 10 (Purpose Limitation and Permissible Exceptions for Data Collection & Processing)
Explanation Article 10 outlines the circumstances in which a Data Controller may collect or process personal data without direct consent or for purposes other than the originally stated ones. While …