For organizations in the Kingdom, 2026 marks the end of “preparatory” compliance. The Saudi Personal Data Protection Law (PDPL) is now being strictly enforced by SDAIA (Saudi Data & AI Authority). With the National Data Management Office (NDMO) releasing updated standards, the focus has shifted toward data sovereignty and the formalization of the DPO role.

Key Requirements for 2026:

• Data Residency: Under the PDPL, the transfer of sensitive personal data outside the Kingdom is restricted. You need a live inventory that tracks exactly where your data sits—at rest and in transit.

• SDAIA Digital Portal: Entities must now register and submit regulatory information through official digital systems. Enactia helps you centralize the data needed for these submissions.

• Bilingual Transparency: Privacy notices and consent forms must be available in Arabic. Enactia supports multi-language compliance workflows to ensure local clarity.

Power your Saudi Vision 2030 journey with Enactia. We offer local-first GRC approach with templates aligned to NDMO Data Management Standards. Request a Demo