TME LEGAL | DUBAI – RECHT KLAR

Safeguarding Personal Data – Penalties Await Financial Entities Violating Saudi Arabia’s Data Protection Laws



Impact and Compliance of Financial Entities Under the New Personal Data Protection Mandate


Saudi Arabia has taken a significant step towards safeguarding personal data by enacting the Personal Data Protection Law. With the exponential growth in digital transactions and data sharing, the protection of personal information has become a paramount concern. Financial entities deal with substantial amounts of sensitive customer data, making their compliance with the new law of utmost importance. To ensure data privacy and security, the Saudi Arabian authorities have implemented strict penalties for financial entities found in violation of the Personal Data Protection Law.


New PDPL Regime and its Impact on the Banking and Financial Services Sector


The Personal Data Protection Law was introduced in the Kingdom of Saudi Arabia to align the nation’s data protection standards with international best practices and to provide individuals with enhanced control over their personal information. The law encompasses various principles, including consent, purpose limitation, data accuracy, security, and accountability.


Saudi Arabia’s Personal Data Protection Law (PDPL) safeguards individuals’ privacy and imposes significant penalties on banks for non-compliance. Effective from September 14, 2023, the PDPL regulates the handling of personal data by entities operating within the Kingdom.


The PDPL draws inspiration from globally recognized data protection laws, such as the EU’s General Data Protection Regulation, and is guided by principles such as consent, transparency, lawfulness, and purpose limitation. This makes it relatively straightforward for most companies to comply. However, industries that extensively deal with personal data, such as the banking and financial services sector, may face additional requirements and the need to implement stricter controls, policies, and protocols.


Rigorous Penalties for Non-Compliance: From Fines to Revocation of Banking Licenses


Compliance obligations include ensuring the security, accuracy, and confidentiality of personal data, which may impact an organization’s IT infrastructure, systems, and policies. Data controllers must obtain explicit consent from individuals before processing their personal data unless specific exceptions apply. Additionally, companies are required to appoint a data protection officer, conduct data protection impact assessments, report data breaches, and obtain prior approval for cross-border data transfers.


Failure to comply with the PDPL can lead to severe consequences, including fines of up to SR3 million ($800,000) or imprisonment for up to two years. In exceptional cases or in cases of persistent non-compliance, the Saudi Central Bank (SAMA) reserves the right to suspend or revoke banking licenses.


Although the precise process for reporting and handling non-compliance cases is still being defined, it is likely that individuals will be directed to the Ministry of Commerce, which will establish an official reporting and complaint handling mechanism over time.
