www.gccdataprotection.com
So you want to prove PDPL Compliance in KSA?
www.pyxos.ai
presented May 19, 2025
Introductions: Who We Are

LAURA PALMARIELLO
Director, GCC Data Protection
IAPP CIPP/E | BCS Data Protection Practitioner Certified
laura@gccdataprotection.com

BILAL GHAFOOR
Director, GCC Data Protection
IAPP CIPP/E | IAPP CIPM | BCS Data Protection Practitioner Certified
bilal@gccdataprotection.com

JONATHAN KASS
Co-Founder & COO, Pyxos
Previously: CTO and SVP at Futuredontics; CIO at Nationwide Insurance; COO for 3 KSA-based ventures | jonathan@pyxos.ai
Security: ISO27001 vs PDPL
ISO: list of standards
PDPL: “do what is necessary”
Quantitative vs Qualitative Requirements
Have you had dinner?
Was the food good?
It’s not the same as getting an ISO Certification
ISO Standards
  Configurations: Quantitative
  Processes: Qualitative
PDPL
  DSARs
    Time: Quantitative
    Did you send everything?: Qualitative
  Privacy notices
    Content: Quantitative
    Clarity and completeness: Qualitative
Binaries
Legal basis
PDPL Certificates
Article 33.2: The Competent Authority may grant licenses to entities that issue accreditation certificates to Controllers and Processors. The Competent Authority shall set the rules to regulate the issuance of such certificates.
Who do you need to prove compliance to?
• SDAIA
• Companies
• Public
How they look at you
SDAIA
  Fines, stopping processing
  Audits, RoPA, breach investigations
Companies
  Other suppliers
  Due diligence, then powers of audit
Public
  Other suppliers
  Reputation, regulatory action
Proving compliance
SDAIA
  • Documentation
  • Lack of complaints
  • NDMO checklist?
Companies
  • Documentation
  • Reputation
Public
  • Reputation
  • (privacy notice, ease of consent, etc)
Documentation
• Due diligence questionnaire
• Data Processing Clauses
• Data Transfers – SCCs & TRAs
• Privacy Impact Assessments
Can I trust you?
Do, repeat, do, repeat… and track!
Effective compliance is about change
• No controls → Required controls
• Inconsistently thinking about data privacy → Considering data privacy across operations
• Added cost mindset → Efficiency & opportunity mindset
Effective compliance is about change
• Health Insurance Portability and Accountability (HIPAA)
• Payment Card Industry Data Security Standards (PCI-DSS)
• General Data Protection Regulation (GDPR)
• Personal Data Protection Law (PDPL)
In summary
Required controls + Considering data privacy across operations + Efficiency & opportunity mindset
Culture change is at the core
• Respecting our customers, coworkers, and partners
• Protecting information that is valuable to them & us
• Incorporating this protection into our mission; it's part of our pride in our products & services

In summary
Respecting + Protecting + Incorporating: Sustainable Culture Change
Leverage tech to make it easier & safer
Start: Where in our workflows is personal data at risk?
Think: Data Protection Impact Assessment, i.e. DPIAs
Ask: And how can we reduce that risk?
Pyxos Fusion: AI Powered Compliance
Navigate: Provides a comprehensive toolset designed to guide stakeholders through understanding legal requirements, developing organizational policies, and managing enablement initiatives.
Illuminate: AI-powered data discovery and privacy risk mapping toolset that provides comprehensive visibility and control over an organization’s data landscape.
Orchestrate: Streamlines PDPL compliance by automating and managing critical workflows for Records of Processing Activities (ROPA), Data Subject Access Requests (DSARs), and third-party risk assessments, ensuring auditable data protection across the organization.
Consent: Automates the process of obtaining, storing, and managing user consent for data collection and processing.
Protect: Safeguards sensitive information by intercepting data flows, applying robust encryption, and implementing advanced obfuscation techniques. With AI continuously analyzing data flows, Protect ensures that data remains secure and compliant throughout its lifecycle.
An end-to-end privacy and compliance solution, incorporating user consent, regulatory navigation, data privacy risk mapping, compliance workflow management and automation, and data protection.
Leverage tech to make it easier & safer
Existing systems & controls
Risk Mitigation
Risk Monitoring
Documentation, evidence collection, reporting: technology streamlines these ongoing steps
Technology powers dashboards & alerts to GRC team
Remember: Partners & vendors are in your chain of trust
Signed agreements are not enough
Make it add value: A privacy focus brings opportunity & trust
Lead by example: Become a Privacy Champion
Encourage others
Acknowledge efforts & results
Reflect on your own behavior
And start now…
The best time to start was before September of 2024.
The next best time is now.
Summary
● KSA PDPL compliance is different from ISO certification… don’t expect they work alike
● You must prove compliance to 3 parties: SDAIA, your customers, and the public
● Documentation alone isn’t enough… culture, clarity, and credibility all matter
● Compliance is a journey of change… critically in culture and mindset, not just process
● Manual oversight alone will fall short… technology gives you consistency and scale
● Your vendors and partners matter… they are part of your trust chain
● Start now… you will not only lead, but you’ll also get ahead
Thank You!
Image Credit: By B.alotaby
Own work, CC BY-SA 4.0
bilal@gccdataprotection.com
jonathan@pyxos.ai
laura@gccdataprotection.com
Free 1-Hour PDPL Help for the First 10 Attendees
We’re offering a free, 1-hour PDPL consultation or executive
briefing to the first 10 attendees who email us at growth@pyxos.ai

More Related Content

Similar to So you want to prove PDPL Compliance in KSA? (20)

trellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdftrellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdf
LaLaBlaGhvgT
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
Aggregage
 
DPIA-Data Protection Impact Assessment for Companies
DPIA-Data Protection Impact Assessment for CompaniesDPIA-Data Protection Impact Assessment for Companies
DPIA-Data Protection Impact Assessment for Companies
HishamMohammed46
 
Assessing the impact of security services
Assessing the impact of security servicesAssessing the impact of security services
Assessing the impact of security services
Jisc
 
12 Best Privacy Frameworks
12 Best Privacy Frameworks12 Best Privacy Frameworks
12 Best Privacy Frameworks
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
TrustArc
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
ControlCase
 
What is a data protection impact assessment? what are the essential stages to...
What is a data protection impact assessment? what are the essential stages to...What is a data protection impact assessment? what are the essential stages to...
What is a data protection impact assessment? what are the essential stages to...
Infinity Legal Solutions
 
What is a data protection impact assessment?
What is a data protection impact assessment?What is a data protection impact assessment?
What is a data protection impact assessment?
Infinity Legal Solutions
 
Beyond GDPR Compliance - Role of Internal Audit
Beyond GDPR Compliance - Role of Internal AuditBeyond GDPR Compliance - Role of Internal Audit
Beyond GDPR Compliance - Role of Internal Audit
Omo Osagiede
 
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for complianceGDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
Cloudera, Inc.
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1
Dione McBride, CISSP, CIPP/E
 
GDPR: What does it mean for your business?
GDPR: What does it mean for your business?GDPR: What does it mean for your business?
GDPR: What does it mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
DEFeND Project Presentation - July 2018
DEFeND Project Presentation - July 2018DEFeND Project Presentation - July 2018
DEFeND Project Presentation - July 2018
DEFeND Project
 
Mastering Data Compliance in a Dynamic Business Landscape
Mastering Data Compliance in a Dynamic Business LandscapeMastering Data Compliance in a Dynamic Business Landscape
Mastering Data Compliance in a Dynamic Business Landscape
Denodo
 
Maturing Your Organization's Information Risk Management Strategy
Maturing Your Organization's Information Risk Management StrategyMaturing Your Organization's Information Risk Management Strategy
Maturing Your Organization's Information Risk Management Strategy
Privacera
 
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareExplore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Konverge Technologies Pvt. Ltd.
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
TrustArc
 
trellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdftrellix-dlp-buyers-guide.pdf
trellix-dlp-buyers-guide.pdf
LaLaBlaGhvgT
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
Aggregage
 
DPIA-Data Protection Impact Assessment for Companies
DPIA-Data Protection Impact Assessment for CompaniesDPIA-Data Protection Impact Assessment for Companies
DPIA-Data Protection Impact Assessment for Companies
HishamMohammed46
 
Assessing the impact of security services
Assessing the impact of security servicesAssessing the impact of security services
Assessing the impact of security services
Jisc
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
TrustArc
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
ControlCase
 
What is a data protection impact assessment? what are the essential stages to...
What is a data protection impact assessment? what are the essential stages to...What is a data protection impact assessment? what are the essential stages to...
What is a data protection impact assessment? what are the essential stages to...
Infinity Legal Solutions
 
What is a data protection impact assessment?
What is a data protection impact assessment?What is a data protection impact assessment?
What is a data protection impact assessment?
Infinity Legal Solutions
 
Beyond GDPR Compliance - Role of Internal Audit
Beyond GDPR Compliance - Role of Internal AuditBeyond GDPR Compliance - Role of Internal Audit
Beyond GDPR Compliance - Role of Internal Audit
Omo Osagiede
 
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for complianceGDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
Cloudera, Inc.
 
Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1
Dione McBride, CISSP, CIPP/E
 
DEFeND Project Presentation - July 2018
DEFeND Project Presentation - July 2018DEFeND Project Presentation - July 2018
DEFeND Project Presentation - July 2018
DEFeND Project
 
Mastering Data Compliance in a Dynamic Business Landscape
Mastering Data Compliance in a Dynamic Business LandscapeMastering Data Compliance in a Dynamic Business Landscape
Mastering Data Compliance in a Dynamic Business Landscape
Denodo
 
Maturing Your Organization's Information Risk Management Strategy
Maturing Your Organization's Information Risk Management StrategyMaturing Your Organization's Information Risk Management Strategy
Maturing Your Organization's Information Risk Management Strategy
Privacera
 
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareExplore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Konverge Technologies Pvt. Ltd.
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
TrustArc
 

Recently uploaded (20)

6-2-25 Silverview Objecting to Agreement with Deerfield (Heller).pdf
6-2-25 Silverview Objecting to Agreement with Deerfield (Heller).pdf6-2-25 Silverview Objecting to Agreement with Deerfield (Heller).pdf
6-2-25 Silverview Objecting to Agreement with Deerfield (Heller).pdf
skysthelimitcolor
 
Interest and cost PPT-1.pptx cpc notes law
Interest and cost PPT-1.pptx cpc notes lawInterest and cost PPT-1.pptx cpc notes law
Interest and cost PPT-1.pptx cpc notes law
mokshi4116503822
 
Easements property law UK, Re ellenborough park criteria .pptx
Easements property law UK, Re ellenborough park criteria .pptxEasements property law UK, Re ellenborough park criteria .pptx
Easements property law UK, Re ellenborough park criteria .pptx
ArzaamBhatti1
 
Work 54545333553Place Chemical Hazard.pptx
Work 54545333553Place Chemical Hazard.pptxWork 54545333553Place Chemical Hazard.pptx
Work 54545333553Place Chemical Hazard.pptx
strent38
 
Client-Attorney Privilege_ The Cornerstone of Confidentiality in Criminal Def...
Client-Attorney Privilege_ The Cornerstone of Confidentiality in Criminal Def...Client-Attorney Privilege_ The Cornerstone of Confidentiality in Criminal Def...
Client-Attorney Privilege_ The Cornerstone of Confidentiality in Criminal Def...
Jolene Maloney
 
Merit Promotion Plan for Faculty of Kalinga State University
Merit Promotion Plan for Faculty of Kalinga State UniversityMerit Promotion Plan for Faculty of Kalinga State University
Merit Promotion Plan for Faculty of Kalinga State University
KASC
 
A claim against UNESCO is sent to the honorable United Nations Secretary-G...
A claim  against  UNESCO is sent to  the honorable United Nations Secretary-G...A claim  against  UNESCO is sent to  the honorable United Nations Secretary-G...
A claim against UNESCO is sent to the honorable United Nations Secretary-G...
Gerges francis
 
How to File TDS Return Online: Step-by-Step Guide
How to File TDS Return Online: Step-by-Step GuideHow to File TDS Return Online: Step-by-Step Guide
How to File TDS Return Online: Step-by-Step Guide
mpghosh349
 
6-3-25 CHICAGO ATLANTIC OBJECTION (Heller)
6-3-25 CHICAGO ATLANTIC OBJECTION (Heller)6-3-25 CHICAGO ATLANTIC OBJECTION (Heller)
6-3-25 CHICAGO ATLANTIC OBJECTION (Heller)
skysthelimitcolor
 
Realist School.pptx opopopoooooloolpoopooo
Realist School.pptx opopopoooooloolpoopoooRealist School.pptx opopopoooooloolpoopooo
Realist School.pptx opopopoooooloolpoopooo
mokshi4116503822
 
cdip_29_ppt_1.ppt law intelectual property
cdip_29_ppt_1.ppt law intelectual propertycdip_29_ppt_1.ppt law intelectual property
cdip_29_ppt_1.ppt law intelectual property
vishalpatidar74
 
Dr. Qidwai Freed of All Allegations by Court Decision.pdf
Dr. Qidwai Freed of All Allegations by Court Decision.pdfDr. Qidwai Freed of All Allegations by Court Decision.pdf
Dr. Qidwai Freed of All Allegations by Court Decision.pdf
Faisal Qidwai
 
Clinical Research Guidelines & Regulatory Framework.pptx
Clinical Research Guidelines & Regulatory Framework.pptxClinical Research Guidelines & Regulatory Framework.pptx
Clinical Research Guidelines & Regulatory Framework.pptx
Ms. Harshada Kiran Sonawane
 
Active & passive voice-1in function english
Active & passive voice-1in function englishActive & passive voice-1in function english
Active & passive voice-1in function english
singhshaka13
 
To What Extent an Accountable Government Has Been Ensured in Bangladesh.
To What Extent an Accountable Government Has Been Ensured in Bangladesh.To What Extent an Accountable Government Has Been Ensured in Bangladesh.
To What Extent an Accountable Government Has Been Ensured in Bangladesh.
MD.Istiaque Alam Anik
 
5-30-25 Heller Argument Against Prestige
5-30-25 Heller Argument Against Prestige5-30-25 Heller Argument Against Prestige
5-30-25 Heller Argument Against Prestige
skysthelimitcolor
 
FSSC 22000 v 6.0 Internal Auditor Training Handbook.pptx
FSSC 22000 v 6.0 Internal Auditor Training Handbook.pptxFSSC 22000 v 6.0 Internal Auditor Training Handbook.pptx
FSSC 22000 v 6.0 Internal Auditor Training Handbook.pptx
prasuunicorn
 
Parties in the Heller Bankruptcy Case.pdf
Parties in the Heller Bankruptcy Case.pdfParties in the Heller Bankruptcy Case.pdf
Parties in the Heller Bankruptcy Case.pdf
skysthelimitcolor
 
2025 Executive Administrator Listing.pdf
2025 Executive Administrator Listing.pdf2025 Executive Administrator Listing.pdf
2025 Executive Administrator Listing.pdf
Kairos Capital Legal Advisors,LLC
 
Josh Rudolfi Secures Knee Surgeries for Truck Driver
Josh Rudolfi Secures Knee Surgeries for Truck DriverJosh Rudolfi Secures Knee Surgeries for Truck Driver
Josh Rudolfi Secures Knee Surgeries for Truck Driver
Ankin Law Office, LLC
 
6-2-25 Silverview Objecting to Agreement with Deerfield (Heller).pdf
6-2-25 Silverview Objecting to Agreement with Deerfield (Heller).pdf6-2-25 Silverview Objecting to Agreement with Deerfield (Heller).pdf
6-2-25 Silverview Objecting to Agreement with Deerfield (Heller).pdf
skysthelimitcolor
 
Interest and cost PPT-1.pptx cpc notes law
Interest and cost PPT-1.pptx cpc notes lawInterest and cost PPT-1.pptx cpc notes law
Interest and cost PPT-1.pptx cpc notes law
mokshi4116503822
 
Easements property law UK, Re ellenborough park criteria .pptx
Easements property law UK, Re ellenborough park criteria .pptxEasements property law UK, Re ellenborough park criteria .pptx
Easements property law UK, Re ellenborough park criteria .pptx
ArzaamBhatti1
 
Work 54545333553Place Chemical Hazard.pptx
Work 54545333553Place Chemical Hazard.pptxWork 54545333553Place Chemical Hazard.pptx
Work 54545333553Place Chemical Hazard.pptx
strent38
 
Client-Attorney Privilege_ The Cornerstone of Confidentiality in Criminal Def...
Client-Attorney Privilege_ The Cornerstone of Confidentiality in Criminal Def...Client-Attorney Privilege_ The Cornerstone of Confidentiality in Criminal Def...
Client-Attorney Privilege_ The Cornerstone of Confidentiality in Criminal Def...
Jolene Maloney
 
Merit Promotion Plan for Faculty of Kalinga State University
Merit Promotion Plan for Faculty of Kalinga State UniversityMerit Promotion Plan for Faculty of Kalinga State University
Merit Promotion Plan for Faculty of Kalinga State University
KASC
 
A claim against UNESCO is sent to the honorable United Nations Secretary-G...
A claim  against  UNESCO is sent to  the honorable United Nations Secretary-G...A claim  against  UNESCO is sent to  the honorable United Nations Secretary-G...
A claim against UNESCO is sent to the honorable United Nations Secretary-G...
Gerges francis
 
How to File TDS Return Online: Step-by-Step Guide
How to File TDS Return Online: Step-by-Step GuideHow to File TDS Return Online: Step-by-Step Guide
How to File TDS Return Online: Step-by-Step Guide
mpghosh349
 
6-3-25 CHICAGO ATLANTIC OBJECTION (Heller)
6-3-25 CHICAGO ATLANTIC OBJECTION (Heller)6-3-25 CHICAGO ATLANTIC OBJECTION (Heller)
6-3-25 CHICAGO ATLANTIC OBJECTION (Heller)
skysthelimitcolor
 
Realist School.pptx opopopoooooloolpoopooo
Realist School.pptx opopopoooooloolpoopoooRealist School.pptx opopopoooooloolpoopooo
Realist School.pptx opopopoooooloolpoopooo
mokshi4116503822
 
cdip_29_ppt_1.ppt law intelectual property
cdip_29_ppt_1.ppt law intelectual propertycdip_29_ppt_1.ppt law intelectual property
cdip_29_ppt_1.ppt law intelectual property
vishalpatidar74
 
Dr. Qidwai Freed of All Allegations by Court Decision.pdf
Dr. Qidwai Freed of All Allegations by Court Decision.pdfDr. Qidwai Freed of All Allegations by Court Decision.pdf
Dr. Qidwai Freed of All Allegations by Court Decision.pdf
Faisal Qidwai
 
Clinical Research Guidelines & Regulatory Framework.pptx
Clinical Research Guidelines & Regulatory Framework.pptxClinical Research Guidelines & Regulatory Framework.pptx
Clinical Research Guidelines & Regulatory Framework.pptx
Ms. Harshada Kiran Sonawane
 
Active & passive voice-1in function english
Active & passive voice-1in function englishActive & passive voice-1in function english
Active & passive voice-1in function english
singhshaka13
 
To What Extent an Accountable Government Has Been Ensured in Bangladesh.
To What Extent an Accountable Government Has Been Ensured in Bangladesh.To What Extent an Accountable Government Has Been Ensured in Bangladesh.
To What Extent an Accountable Government Has Been Ensured in Bangladesh.
MD.Istiaque Alam Anik
 
5-30-25 Heller Argument Against Prestige
5-30-25 Heller Argument Against Prestige5-30-25 Heller Argument Against Prestige
5-30-25 Heller Argument Against Prestige
skysthelimitcolor
 
FSSC 22000 v 6.0 Internal Auditor Training Handbook.pptx
FSSC 22000 v 6.0 Internal Auditor Training Handbook.pptxFSSC 22000 v 6.0 Internal Auditor Training Handbook.pptx
FSSC 22000 v 6.0 Internal Auditor Training Handbook.pptx
prasuunicorn
 
Parties in the Heller Bankruptcy Case.pdf
Parties in the Heller Bankruptcy Case.pdfParties in the Heller Bankruptcy Case.pdf
Parties in the Heller Bankruptcy Case.pdf
skysthelimitcolor
 
Josh Rudolfi Secures Knee Surgeries for Truck Driver
Josh Rudolfi Secures Knee Surgeries for Truck DriverJosh Rudolfi Secures Knee Surgeries for Truck Driver
Josh Rudolfi Secures Knee Surgeries for Truck Driver
Ankin Law Office, LLC
 

So you want to prove PDPL Compliance in KSA?

  • 1. www.gccdataprotection.com So you want to prove PDPL Compliance in KSA? www.pyxos.ai presented May 19, 2025
  • 3. LAURA PALMARIELLO Director, GCC Data Protection IAPP CIPP/E | BCS Data Protection Practitioner Certified [email protected] Director, GCC Data Protection IAPP CIPP/E | IAPP CIPM | BCS Data Protection Practitioner Certified [email protected] BILAL GHAFOOR Co-Founder & COO, Pyxos Previously: CTO and SVP at Futuredontics; CIO at Nationwide Insurance; COO for 3 KSA-based ventures | [email protected] JONATHAN KASS Who We Are
  • 4. Security: ISO27001 vs PDPL ISO: list of standards PDPL: “do what is necessary”
  • 5. Quantitative vs Qualitative Requirements Have you had dinner? Was the food good?
  • 6. It’s not the same as getting an ISO Certification ISO Standards Configurations Quantitative Processes Qualitative PDPL DSARs Time Quantitative Did you send everything? Qualitative Privacy notices Content Quantitative Clarity and completeness Qualitative
  • 8. Legal basis: PDPL Certificates. Article 33.2: “The Competent Authority may grant licenses to entities that issue accreditation certificates to Controllers and Processors. The Competent Authority shall set the rules to regulate the issuance of such certificates.”
  • 9. Who do you need to prove compliance to? SDAIA, companies, and the public.
  • 10. How they look at you
    - SDAIA: fines, stopping processing; audits, RoPA, breach investigations
    - Companies (other suppliers): due diligence, then powers of audit
    - Public (other suppliers): reputation, regulatory action
  • 12. Proving compliance
    - To SDAIA: documentation; lack of complaints; NDMO checklist?
    - To companies: documentation; reputation
    - To the public: reputation (privacy notice, ease of consent, etc.)
  • 14. Documentation (“Can I trust you?”): due diligence questionnaire; data processing clauses; data transfers – SCCs & TRAs; privacy impact assessments
  • 15. Do, repeat, do, repeat… and track!
  • 17. Effective compliance is about change
  • 18. Effective compliance is about change: from no controls to required controls
  • 19. Effective compliance is about change: from inconsistently thinking about data privacy to considering data privacy across operations
  • 20. Effective compliance is about change: from an added-cost mindset to an efficiency & opportunity mindset
  • 21. Effective compliance is about change: Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR), Personal Data Protection Law (PDPL)
  • 22. In summary: required controls + considering data privacy across operations + efficiency & opportunity mindset
  • 23. Culture change is at the core
  • 25. Culture change is at the core: protecting information that is valuable to them & us
  • 26. Culture change is at the core: incorporating this protection into our mission; it's part of our pride in our products & services
  • 28. Leverage tech to make it easier & safer. Start: where in our workflows is personal data at risk? Think: Data Protection Impact Assessments, i.e. DPIAs. Ask: and how can we reduce that risk?
  • 29. Leverage tech to make it easier & safer: existing systems & controls; risk mitigation; risk monitoring. Technology streamlines the ongoing steps of documentation, evidence collection, and reporting.
  • 30. Pyxos Fusion: AI Powered Compliance. An end-to-end privacy and compliance solution, incorporating user consent, regulatory navigation, data privacy risk mapping, compliance workflow management and automation, and data protection.
    - Navigate: provides a comprehensive toolset designed to guide stakeholders through understanding legal requirements, developing organizational policies, and managing enablement initiatives.
    - Illuminate: AI-powered data discovery and privacy risk mapping toolset that provides comprehensive visibility and control over an organization’s data landscape.
    - Orchestrate: streamlines PDPL compliance by automating and managing critical workflows for Records of Processing Activities (RoPA), Data Subject Access Requests (DSARs), and third-party risk assessments, ensuring auditable data protection across the organization.
    - Consent: automates the process of obtaining, storing, and managing user consent for data collection and processing.
    - Protect: safeguards sensitive information by intercepting data flows, applying robust encryption, and implementing advanced obfuscation techniques. With AI continuously analyzing data flows, Protect ensures that data remains secure and compliant throughout its lifecycle.
  • 36. Leverage tech to make it easier & safer: existing systems & controls; risk mitigation; risk monitoring. Technology streamlines the ongoing steps (documentation, evidence collection, reporting) and powers dashboards & alerts to the GRC team.
  • 37. Remember: partners & vendors are in your chain of trust. Signed agreements are not enough.
  • 39. Make it add value: a privacy focus brings opportunity & trust.
  • 40. Encourage others. Lead by example: become a Privacy Champion. Acknowledge efforts & results. Reflect on your own behavior.
  • 41. And start now… The best time to start was before September of 2024. The next best time is now.
  • 42. Summary
    - KSA PDPL compliance is different from ISO certification… don’t expect them to work alike
    - You must prove compliance to 3 parties: SDAIA, your customers, and the public
    - Documentation alone isn’t enough… culture, clarity, and credibility all matter
    - Compliance is a journey of change… critically in culture and mindset, not just process
    - Manual oversight alone will fall short… technology gives you consistency and scale
    - Your vendors and partners matter… they are part of your trust chain
    - Start now… you will not only lead, but you’ll also get ahead
  • 43. Thank You! Image credit: B.alotaby, own work, CC BY-SA 4.0. Contact: [email protected], [email protected], [email protected]. Free 1-hour PDPL help for the first 10 attendees: we’re offering a free, 1-hour PDPL consultation or executive briefing to the first 10 attendees who email us at [email protected].