Employee Data Privacy | Saudi Arabia

Saudi Arabia - Fines and Penalties

What are the penalties for noncompliance with any applicable data protection laws?

Noncompliance with data privacy laws and data breaches may lead to sanctions, fines, and penalties. The amounts are usually calculated according to the risk to which personal rights were exposed and the preventive measures taken by the data controllers, processors and sub-processors in relation to their respective role in the chain of personal data processing.

Saudi Arabia’s new Personal Data Protection Law (PDPL) includes civil and criminal penalties for offences. Individuals who commit an offence would also be liable for criminal sanctions. Criminal sanctions apply to:

the disclosure or publication of Sensitive Data contrary to the PDPL, which may result in imprisonment of up to two years or a fine of up to SAR 3,000,000;
violating data transfer provisions, which may result in imprisonment of up to one year and a fine of up to SAR 1,000,000.

Violations of other provisions of the PDPL are limited to a warning or fines of up to SAR 5,000,000.

Note that repeat violations can result in doubling the maximum penalty. In addition, the court can order the confiscation of funds gained as a result of the breach of the PDPL or require the publication of the judgment in a newspaper or media at the expense of the offender.

Parties impacted by a violation of the PDPL may be able to claim compensation.

UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk