Personal data protection law: A new era and a game changer
During the past week, the Saudi Council of Ministers issued their approval for the personal data protection law, which is the first time in the history of the Kingdom that a special and dedicated data protection law has been enacted. In today’s article, we will briefly discuss the previous law’s handling of this type of data, the most prominent effects of implementing this promising law and its executive regulations, too.
First, we can define personal data as information that allows an individual to be identified when used alone or with other related data, where personally identifiable information may contain direct data such as national identity information, passport data or even health certificates. This information also includes indirect data that can be combined with other data of its kind to allow the identification of an individual.
With the technical development and the creation of new concepts of data use, personal data has been addressed sporadically in several Saudi laws, such as the electronic commerce law, the anti-cybercrime law and regulation, the electronic transaction law, cloud computing regulations and frameworks, as well as the regulatory framework for the Internet of Things issued by the Communications and Information Technology Commission.
It is also worth noting that the introduction of a law regulating the mechanism of data circulation and delineating its limits will undoubtedly provide the required protection for data, and perhaps the adoption of this law has equal resonance with institutions and members of society, as I believe as an individual in the importance of having such a law to protect me personally from various risks and misuse. I hope that the adoption of such a dedicated law for the protection of this data will complement the above and has been approved in other laws and regulations in a way that protects and helps at the same time in facilitating the services that are provided through various electronic and manual channels, whether governmental, commercial or even for promotional purposes.
Implementing this law will achieve sufficient awareness among community members, and enable and encourage them to contribute and facilitate their role in referendums, for example, as well as research and even events. This will happen because the individual will provide his or her data and agree to share it because there is a clear law that protects it, unlike the circumstances that some people currently face. Previously, many people were reluctant to provide their data to different parties due to the lack of a law that protects them and their personal information.
On the other hand, and in the context of general data protection, it is worth noting that regardless of industry, size and location, any company can be a target for cybercriminals. This means that the protection of personal data for individuals is also within the responsibility of different companies, as the latter should focus on building an institutional and individual culture to make sure that their adopted systems are secured in addition to educating their own employees as well.
• Dimah Talal Alsharif is a Saudi lawyer and legal consultant. Twitter: @dimah_alsharif