Saudi PDPL
Data Privacy
Saudi Arabia's Personal Data Protection Law became fully enforceable in September 2024, marking a new era of data privacy regulation in the Kingdom. This assessment examines your compliance across the PDPL's core requirements — lawful basis documentation, consent management, Data Subject rights fulfillment, sensitive data protections, cross-border transfer safeguards, breach notification to SDAIA, and controller registration on the National Data Governance Platform. The law's extraterritorial reach extends to any entity processing personal data of individuals in Saudi Arabia, with penalties up to SAR 5 million and imprisonment for sensitive data violations.
8
Domains
28
Questions
~28 min
Estimated Time
What You'll Be Assessed On
Scope & Applicability
Applicability Check
3 questions
Data Protection Principles (Art. 10, 14–18)
5 questions
Transparency & Privacy Notices (Art. 12)
3 questions
Data Subject Rights (Art. 19–24)
5 questions
Security Safeguards & Breach Notification (Art. 19, 25)
3 questions
Controller & Processor Obligations (Art. 26–30)
3 questions
Cross-Border Data Transfers (Art. 29, Transfer Regulation)
3 questions
Governance, Training & Accountability
3 questions
Step-by-Step
Answer questions one domain at a time with progress tracking.Instant Scoring
Get a weighted maturity score and per-domain breakdown immediately.Actionable Roadmap
Receive a phased remediation plan tailored to your results.
Takes approximately 28 minutes to complete.