By: Editorial Staff, Date: March 21st, 2022

In September 2021, the Kingdom of Saudi Arabia issued a new comprehensive data protection law called Personal Data Protection Law (PDPL). Under this new law, companies in Saudi Arabia cannot transfer personal data outside the Kingdom without first acquiring an individual exemption. Saudi Arabian companies that don’t comply with the PDPL will be subject to criminal sanctions. However, lobbying firms in the United States now warn that enforcing the PDPL could have serious economic consequences for Saudi Arabia.

“There are several aspects of this law that pose not only significant problems for the private sector but will be significant barriers to helping the Kingdom achieve its goal to become a digital hub,” one lobbying group representing more than 3 million businesses said in an open letter. “It will have a major impact on the cost and ability to do business in the Kingdom.”


The letter went on to say, “Data localization requirements will impose substantial costs on all companies doing business in Saudi Arabia without increasing security. Localization will raise the cost of data storage and cloud-based services in the Kingdom and maintaining separate local servers may not be possible or practical given current network architecture.”

At a time when Saudi Arabia is actively trying to attract foreign investors to diversify an economy that is still heavily reliant on selling oil, which makes it more difficult for companies doing business in Saudi Arabia, is no doubt puzzling. While the PDPL could be seen as a move to bolster cybersecurity, most experts warn that the new law could create more cybersecurity concerns for the Kingdom by limiting its access to international cloud services. For more Technology & Cybersecurity webcasts, click here.

Related Webcasts

Upcoming Webcasts

Antitrust & IP Landscape: Navigating the Challenges of AI & Algorithm

Tue, September 17, 2024 @ 12:00 pm - 1:30 pm EDT