Employee Data Privacy

Saudi Arabia - Data Privacy Laws and Regulations

 Download as a PDF

What laws apply to the collection and use of individuals’ personal information?

Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.

Saudi Arabia does not currently have an overarching privacy framework or data protection law. In Saudi Arabia, laws are generally based on Shari’ah principles including protecting an individual’s right to privacy, prohibiting the invasion of individuals’ private lives and, prohibiting the disclosure of secrets in most cases. Laws that relate to data protection include:

The Law of Governance (March 1, 1992), which sets the basic right that the “privacy of telegraphic and postal communications, and telephone and other means of communication, shall be inviolate.” Surveillance and eavesdropping are prohibited except when permitted by law (Art. 40).

Law No. 32 of 1421 AH concerning Printed Materials and Publication (Publications Law) criminalizes the "encroachment of people's dignity and freedom, extortion or defamation of persons.” Under this law, parties who possess personal data must consider whether the disclosure of personal data would be considered a violation of the private lives of individuals. Processing HR related data for employment purposes would generally be allowed, but processing employee personal data for other purposes that an individual may not expect or be aware would increase risk.

The Saudi Cloud Computing Regulatory Framework (CCRF) applies to cloud computing services in Saudi Arabia (where the cloud infrastructure is in Saudi Arabia or, a Saudi business is the provider) or procured by Saudi businesses and imposes security requirements on the provider.

There are other sectoral laws and regulations that apply to the collection and use of individual’s personal information, but these generally don’t apply to human resources related records.



There is no privacy authority responsible for the enforcement of data privacy laws and regulations in Saudi Arabia. Privacy related infringements of basic laws would be investigated as criminal complaints by the police, and if there is a basis for charges, would be given to the public prosecutor.

UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk