Data protective jurisdictions tend to guarantee the right of individuals to contact an organization directly and find out whether personal data is being tracked. Access procedures and acceptable exceptions (such as business secrecy) are determined by law and may be subject to the control of data protection authorities. In the context of HR, personal data access requests can include information tracked by the company as well as data tracked by third-party solutions, such as background check vendors.
Saudi Arabia’s new Personal Data Protection Law (PDPL), gives data subjects, with some exceptions, the right to access their personal data, including the right to obtain a copy of their personal data free of charge.
Controllers (such as employers) are able to restrict the right to access when:
Individuals have additional rights relating to their personal data, including the right:
Executive regulations are expected to specify the time periods and means for responding to requests from data subjects to exercise these rights.