2.4 KSA Policy & Regulation on Personal Data Protection PDF
Document Details
Uploaded by CommendableMorningGlory3698
Arab Open University
Tags
Summary
This document details Saudi Arabia's policy and regulation on personal data protection, relevant to geospatial information (GI). It outlines objectives, the law, and the framework for protecting personal data.
Full Transcript
29/09/2024 Objectives 01 The Law...
29/09/2024 Objectives 01 The Law 02 The Framework 03 2.4: Saudi policy and regulation on data protection and privacy relevant to GI 1 2 1 2 Objectives Law, regulation and standards 01 The Law 02 The Framework 03 3 4 3 4 29/09/2024 Law, regulation and standards Law, regulation and standards Personal Data: Any data, regardless of its source Personal Data: Any data, regardless of its source or form, that may lead to identifying an or form, that may lead to identifying an individual specifically, or that may directly or individual specifically, or that may directly or indirectly make it possible to identify an indirectly make it possible to identify an individual, including name, personal individual, including name, personal identification number, addresses, contact identification number, addresses, contact numbers, license numbers, records, personal numbers, license numbers, records, personal assets, bank and credit card numbers, photos assets, bank and credit card numbers, photos and videos of an individual, and any other data and videos of an individual, and any other data of personal nature. of personal nature. 5 6 5 6 Data Controller Essentials of the law اﻷسس النظامية لمعالجة البيانات الشخصية وفقا ً لنظام حماية البيانات الشخصية Any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and المسوغ/المشروعية means of the processing of personal data and/or carries out processing الحد اﻷدنى للبيانات directly or through a Data Processor. :تحديد الغرض النظامي واﻹنصاف :الشخصية :والشفافية حماية البيانات :مدة اﻻحتفاظ بالبيانات :الشخصية 7 8 7 8 29/09/2024 Essentials of the law Objectives 01 The Law المسوغ/المشروعية الحد اﻷدنى للبيانات :تحديد الغرض النظامي واﻹنصاف 02 The Framework :الشخصية :والشفافية 03 حماية البيانات :مدة اﻻحتفاظ بالبيانات :الشخصية 9 10 9 10 Plan The Entity shall conduct an Initial Personal Data Protection Assessment and establish a Personal Data Protection Plan to address privacy strategic and operational requirements. 11 12 11 12 29/09/2024 Training and Awareness Data Breach The Entity shall conduct the Personal Data Data breach management process Protection training for every employee. Data breach notification The training shall include: 1. Importance of Personal Data Protection. 2. Definition of Personal Data. 3. Data Subject Data Rights. 4. Entity and Data Subject Responsibilities. 5. Notifications. This Photo by Unknown Author is licensed under CC BY 13 14 13 14 Example breach management process Personal data protection Privacy Notice and Consent Management. Data Subject Rights. 1. Right to be informed 2. Right to access 3. Right to rectification 4. Right to erasure 5. Right to object 6. Right to restrict processing 7. Right to data portability Personal Data Protection Risk Assessments Compliance Monitoring and Audit 15 16 15 16 29/09/2024 Objectives Geospatial issues that support privacy Some geospatial Information can be an indirect enabler - addressing. 01 The Law At what level of disaggregation and positioning is precise location an issue in identifying individuals? 02 The Framework Movement data on individuals. Location information about people collected in so many ways. Power of integrated spatial information can potentially lead to unforeseen privacy 03 vulnerabilities. Drones and EO: Regulate the platform or the data collected. Impact of technologies like AI, facial recognition etc. https://dgp.sdaia.gov.sa/wps/portal/pdp/home Public interest v reasonable expectation of privacy 17 18 17 18 Questions? 2.4: Saudi policy and regulation on data protection and privacy relevant to GI 19 19