Web Content Viewer

Government Entities Registration

Government Entities Registration

The Saudi Data & AI Authority (SDAIA) is responsible for overseeing the implementation of the Personal Data Protection Law (PDPL), issued by Royal Decree No. (M/19) dated 09/02/1443 AH, and its amendments. SDAIA also ensures controllers' compliance by building a unified national register for controllers who process personal data within the Kingdom of Saudi Arabia.

Requirements

Government entities are mandated to send an official letter to the Saudi Data & AI Authority (SDAIA) requesting registration and furnishing all requisite information pertaining to their designated representative.
Upon receipt, SDAIA shall proceed with the immediate establishment of a dedicated account for the respective entity. Concurrently, a notification will be transmitted to the authorized representative, granting access to the platform to complete the registration procedures.
In instances where the entity's account has not been successfully provisioned, direct communication may be initiated via email at info@ndmo.gov.sa.
For any inquiries or technical issues encountered during the registration process on the platform, please submit a request via the "Contact Us" option.

  • Select "Register Government Entities": The representative shall select the "Government Entities" option available on the platform.
  • Initiate the Service: The representative shall click "Start Service" to begin the registration process.
  • Sign in: The representative shall sign in via the National Single Sign-On (Nafath).
  • Complete the Profile Information: The representative is required to complete all mandatory information within both the entity's and the representative's profiles.
  • Eligibility Assessment for Data Protection Officer (DPO) Appointment: The representative must determine the mandatory requirement for appointing a DPO, in accordance with the conditions stipulated in Article (32) of the PDPL Implementing Regulation.
  • Certificate Issuance: Upon the successful completion of all preceding steps, the National Personal Data Protection Register Certificate will be duly issued to the entity.

The Rules Governing the National Register of Controllers Within the Kingdom

Download File View Details

The registration service in the National Data Governance Platform aims to build a unified national register, for implementation of the requirements of PDPL and its Implementing Regulations, to ensure effective control over entities' compliance with relevant regulatory requirements.

Any entity that collects and processes the personal data of individuals, either citizens or residents of the Kingdom of Saudi Arabia, in accordance with Article (2) of the Registration Rules

Registration is mandatory in the following cases:

  1. If the controller is a public entity.
  2. If the controller's primary activity involves processing of personal data.
  3. If the controller processes sensitive data.
  4. If an individual’s personal data processing for purposes that go beyond personal or family use.

As stipulated in Article (2) of Registration Rules.


Government Entity delegate

The Entity’s delegate: the one who represents the entity with the following obligations:

  • Complete the entity's registration procedures in the National Data Governance Platform.
  • Appointment or reappointment of a DPO, when needed.
  • View the assessments and services provided in the National Data Governance Platform.

Needed Data to be registered:

  • ID number.
  • Date of birth.
  • Contact information (Mobile Number, email).

Government entities fill out the registration forms sent by the Saudi Authority for Data and Artificial (SDAIA) and then the account will be created for the entity's delegate by the SDAIA then a notification will be sent to them. Accordingly, the delegate will complete the registration process, which includes signing in through the National Single Sign-On (Nafath), completing the entity’s profile information, assessing whether assigning a personal data protection officer to the entity is mandatory, and issuing the registration certificate.

The steps can also be viewed in a simplified manner by clicking on Government Entities Registration

DPO is responsible for the entity’s commitment to implement the provisions of PDPL and Regulations without prejudice to the obligations stipulated in the Implementing Regulations of PDPL, and the entity shall appoint one or more persons to undertake the roles of DPO.

Needed Data to be registered:

  • ID number.
  • Date of birth.
  • Contact information (Mobile Number, email).

Click here for an assessment to identify whether or not the appointment of a DPO is mandatory.

The DPO shall comply with each of the following:

  • Following up on the entity's commitment to PDPL and its Implementing Regulations.
  • Identifying the personal data processing activities carried out by the entity in the National Data Governance Platform and evaluating them through the services provided.
  • Notifying the Competent Authority of data breach, damage, or illegal access.
  • Conducting assessments to measure the entity's compliance and making the privacy impact assessment.

The public can use the search service in the National Register for Personal Data Protection after entering the entity's name or registration number. This is required to verify the entity's registration in the national data governance Platform to raise the level of the trust in their provided services.

No registration fee

SDAIA provides several services to the providers of the personal data processing activities which serve individuals, government and private entities in various sectors.

Click here to view the list of e-services

You can contact us via e-mail Registration@ndmo.gov.sa

If you have any technical issues or suggestions please submit a request via contact us option

Start Service