Regulatory Alerts2021-12-23
Personal Data Protection Law and Data Governance Policies, Regulations, and Rules
The Saudi Central Bank (SAMA) issued this circular to mandate financial institutions under its supervision to align their internal data governance policies, procedures, and gap analyses with the Personal Data Protection Law and SDAIA's regulations. Institutions must review and amend existing frameworks to comply within the statutory period, conduct a formal regulatory gap analysis, establish a remediation timeline, and secure Board of Directors approval. All compliance communications and submissions must be directed to SAMA via the designated compliance email address, ensuring centralized oversight of data protection obligations across the financial sector.
Share