KPMG: Financial entities to face penalties for violation of Saudi Personal Data Protection Law

KPMG: Financial entities to face penalties for violation of Saudi Personal Data Protection Law

RIYADH — Saudi Arabia’s Personal Data Protection Law (PDPL) will help protect the privacy of individuals and ensure that banks processing personal data are held accountable through a system of severe penalties, said Ton Diemont , head of Cybersecurity & Data Privacy, KPMG Saudi Arabia. More importantly, any bank or financial entity breaching PDPL regulations involving the collection, usage, transfer, or storage of personal data, whether intentional or not, risks reputational damage, he stated in the Banking Perspective 2023 report. Following a one-year compliance grace period, PDPL is now in place and coming into force on Sept. 14, 2023, with the enforcement deadline set for Sept. 14, 2024. The new law regulates the processing of personal data and applies to any entity that processes the personal data of individuals within the Kingdom. The PDPL is the first comprehensive, generally applicable data protection law in Saudi Arabia and shares similarities with the best practice data protection laws from around the world, such as the EU’s General Data Protection Regulation. Based on broad principles covering consent, transparency, lawfulness, and purpose limitation, the PDPL is straightforward for most companies to comply with. However, certain sectors involved in providing services that require the frequent