Web Content Viewer

Government Entities Registration

Government Entities Registration

The Saudi Data & AI Authority (SDAIA) supervises the application of the provisions and regulations of PDPL issued by Royal Decree No. (M/19) dated 09/02/1443 AH, and amended by Royal Decree No. (M/148) dated 05/09/1444 AH, and follows up on the commitment of entities to get registered in the Platform to build a unified national register and provide services related to data management, governance and personal data protection. Also, this service allows registrars to make an assessment determining the extent to which the entity is obliged to appoint one or more DPO in accordance with the standards set by PDPL Implementing Regulations, and thereafter the registration certificate is issued.

Requirements

The government entity fills out the registration form sent by the Saudi Data & AI Authority (SDAIA), and accordingly, an account for the entity will be created by SDAIA, and a notification will be sent to the delegate to access the Platform and complete the registration procedures. You can also communicate via e-mail (Info@ndmo.gov.sa) if the account for the entity was not created.
In case you have inquiries or technical issues to complete the registration process on the Platform, please submit the request via contact us option.

  • Login to the National Data Governance Platform
  • Select government entity registration
  • Click on Start Service
  • The entity’s delegate signs up through the national single sign-on “Nafath”
  • Complete the entity profile information
  • Evaluate the necessity of appointment of DPO through specific standards
  • Issuing a registration certificate on the Platform

The Rules Governing the National Register of Controllers Within the Kingdom

Download File View Details

The registration service in the National Data Governance Platform aims to build a unified national register, for implementation of the requirements of PDPL and its Implementing Regulations, to ensure effective control over entities' compliance with relevant regulatory requirements.

Any entity that collects and processes the personal data of individuals, either citizens or residents of the Kingdom of Saudi Arabia, in accordance with Article (2) of the Registration Rules

Registration is mandatory in the following cases:

  1. If the controller is a public entity.
  2. If the controller's primary activity involves processing of personal data.
  3. If the controller processes sensitive data.
  4. If an individual’s personal data processing for purposes that go beyond personal or family use.

As stipulated in Article (2) of Registration Rules.


Government Entity delegate

The Entity’s delegate: the one who represents the entity with the following obligations:

  • Complete the entity's registration procedures in the National Data Governance Platform.
  • Appointment or reappointment of a DPO, when needed.
  • View the assessments and services provided in the National Data Governance Platform.

Needed Data to be registered:

  • ID number.
  • Date of birth.
  • Contact information (Mobile Number, email).

Government entities fill out the registration forms sent by the Saudi Authority for Data and Artificial (SDAIA) and then the account will be created for the entity's delegate by the SDAIA then a notification will be sent to them. Accordingly, the delegate will complete the registration process, which includes signing in through the National Single Sign-On (Nafath), completing the entity’s profile information, assessing whether assigning a personal data protection officer to the entity is mandatory, and issuing the registration certificate.

The steps can also be viewed in a simplified manner by clicking on Government Entities Registration

DPO is responsible for the entity’s commitment to implement the provisions of PDPL and Regulations without prejudice to the obligations stipulated in the Implementing Regulations of PDPL, and the entity shall appoint one or more persons to undertake the roles of DPO.

Needed Data to be registered:

  • ID number.
  • Date of birth.
  • Contact information (Mobile Number, email).

Click here for an assessment to identify whether or not the appointment of a DPO is mandatory.

The DPO shall comply with each of the following:

  • Following up on the entity's commitment to PDPL and its Implementing Regulations.
  • Identifying the personal data processing activities carried out by the entity in the National Data Governance Platform and evaluating them through the services provided.
  • Notifying the Competent Authority of data breach, damage, or illegal access.
  • Conducting assessments to measure the entity's compliance and making the privacy impact assessment.

The public can use the search service in the National Register for Personal Data Protection after entering the entity's name or registration number. This is required to verify the entity's registration in the national data governance Platform to raise the level of the trust in their provided services.

No registration fee

SDAIA provides several services to the providers of the personal data processing activities which serve individuals, government and private entities in various sectors.

Click here to view the list of e-services

You can contact us via e-mail Registration@ndmo.gov.sa

If you have any technical issues or suggestions please submit a request via contact us option

Start Service