Book an appointment with us, or search the directory to find the right lawyer for you directly through the app.
Find out moreWe are excited to share the latest edition of the Law Update, beautifully and appropriately titled “Sustainable Horizons: The Saudi Arabian Vision.” Giving special honor to the Kingdom’s 2030 vision, this update focuses on a collection of both informative and inspiring articles.
For those in construction, you can learn about how the tendering environment impacts risk-pricing for contractors, the updates on the legal framework of the construction industry and how contractors can protect themselves against financial difficulties.
There is good news too from the kingdom’s banking sector, from which the practice of “Open Banking” is being pushed for! But what is open banking? We’re answering that too.
Also . . . Are there any women trail blazers in Saudi Arabia you can name? We’ll help you with that. We cover how the Middle East has been making strides in empowering women in the entrepreneurial space,most notably in STEM fields.
Read the full editionThere is considerable ambiguity around SDAIA’s announcement on 22 March 2022 that:
The Personal Data Protection Law (“PDPL”), contemplates the Implementing Regulations being issued by 23 March 2022 – i.e. within 180 days of the PDPL being officially published in the official gazette. Despite this, the Implementing Regulations were only issued in draft for public consultation on 10 March 2022, with the consultation period ending on 25 March 2022 according to the original announcement about the consultation. So, clearly, the Implementing Regulations are ‘late’, relative to what was contemplated when the PDPL was passed.
In terms of the proposed ‘new’ date of 17 March 2023, if we are to understand this in accordance with the PDPL, then this date could be understood as the end of the contemplated grace period of up to 12 months from the law coming into effect on 23 March 2022. In other words, SDAIA’s announcement relating to postponing full enforcement to 17 March 2023 can be understood as consistent with the grace period approach as contemplated in the PDPL.
An alternative interpretation of SDAIA’s announcement is that the date of 17 March 2023 has become a new ‘effective date’ from which the PDPL should be understood as coming into effect, and the grace period of 12 months (as contemplated in the law) accordingly starts from 17 March 2023. While this interpretation sounds convenient (as it will push the timeline for compliance further into 2023/2024), it would seem more consistent with the PDPL to understand 23 March 2022 as the date on which the law has come into force, and thus the grace period has already commenced, to end – as announced by SDAIA – on 17 March 2023.
Obviously, it would be good to have clarity in terms of whether the grace period contemplated in the PDPL ends, or begins, on 17 March 2023. If the grace period ends on that date, it would be good to have the Implementing Regulations published as soon as possible, so that necessary steps can be taken to ensure compliance with the requirements.
Of course, the over-arching consideration, of ensuring that suitable Implementing Regulations are ultimately issued, is a good reason to slow things down a bit. SDAIA seems to be acting prudently in taking this approach.
As a leading law firm in the Middle East & North Africa Region and with a reputable and dedicated Digital & Data practice, Al Tamimi & Company is well placed to assist you with assessing the probable impact of the PDPL and its implementing regulations on your organisation.
If you would like to further discuss the contents of this alert, please contact our Saudi Arabia team.
To learn more about our services and get the latest legal insights from across the Middle East and North Africa region, click on the link below.