Non-Profit Entities

Web Content Viewer

Main Categories

Registration of Non-Profit Entities

The Saudi Data & AI Authority (SDAIA) is responsible for overseeing the implementation of the Personal Data Protection Law, issued by Royal Decree No. (M/19) dated 09/02/1443 AH, and Its amendments. SDAIA also ensures Controllers compliance through building a unified national register for Controllers who process personal data within the Kingdom, including, Public and Private Controllers, Non-Profit Entities, and Individuals.
Registration on Platform is done according to the cases stipulated in Article (2) of Rules Governing the National Register of Controllers within the Kingdom, which can be viewed here.

Requirements

An account on Absher platform.
Active registration on the National Center for Non-Profit Sector platform.

For further inquiries or in case of any technical issues while registering on Platform, please submit a request via Contact Us

Sign in as a Director on National Data Governance Platform.
Select Non-Profit Entity Registration.
Click on Start Service.
Sign in using the National Single Sign-On (Nafath).
Click on “Import Non-Profit entity”.
Choose the Entity in order to appoint a Representative or continue as the Entity’s Representative.

To register on the National Data Governance Platform, the representative need to follow these steps:

Select Non-Profit Entity Registration.
Click on Start Service.
Sign in as a representative through the National Single Sign-On (Nafath).
Choose the Non-Profit Entity for which you want to complete registration procedures.
Evaluate eligibility for registration according to the cases stipulated in Article (2) of Rules Governing the National Register of Controllers within Kingdom.
Complete Entity profile information.
Assess the extent to which appointing a DPO is mandatory to, according to the cases stipulated in Article (32) of Implementing Regulations of Personal Data Protection Law.
Issue a certificate for the national register for personal data protection.

no result

The purpose of the registration is to build a national register of Controllers, including public and private controllers, non-profit entities, and individuals that process personal data within the Kingdom, while supporting them by providing services related to the protection of personal data, as well as following up their compliance with the provisions of Law and its Implementing Regulations.

DPO is one or more natural persons appointed by Controller to be responsible for monitoring the implementation of the provisions of Law and its Implementing Regulations, overseeing Procedures applicable by Controller, and receiving requests relate to Personal Data in accordance with provisions of the Law and its Implementing Regulations.
Required Data to be registered:
•ID Number.
•Date of Birth.
•Official Contact Information (Mobile Number and Official E-Mail).

Take the Assessment Test here to find out whether or not it is mandatory to appoint a DPO.

Personal Data Protection Officer (DPO) or Entity's Representative is authorized to use Platform's Services, in case Controller is not required to appoint a DPO, according to the the cases stipulated in Article (32) of the Implementing Regulations of PDPL.

•Entity Official E-Mail.
•Entity Official Contact Number.
•Entity Address.
•Entity Logo.

Currently there is no registration fee.

Controller shall be notified thirty (30) days prior to expiration date of the registration certificate. The certificate may be renewed after that.

Another certificate shall be issued with the old registration number and a new issue date.

The public can use the National Registry for Personal Data Protection search service by entering Entity Name or Registration Number.

Registration Certificates are publicly available and contain the following information:

•Registration Serial Number.
•Entity Name.
•Entity Logo.
•Entity Official E-mail.
•Entity Official Contact Number.
•Primary Address.
•Issue and Expiration Date.
•QR Code.

Platform allows updating previously entered official information.

Any Controller that collects and processes personal data of individuals, whether they are citizens or residents of the Kingdom of Saudi Arabia.

The Saudi data & Al Authority(SDAIA) provides Controllers with several E-Services.
Click here to view these Services

For further inquiries or suggestions or in case of any technical issues, please submit a request via Contact Us

Any public entity, natural person or private legal person that specifies the purposes and manner of processing personal data, whether the data is processed by Controller or by Processor.

Registration is mandatory in the following situations:

1.If Controller processes sensitive data.
2.If Controller’s main activity is based on processing personal data.

As stipulated in Article (2) of Rules Governing the National Register of Controllers within Kingdom. It can be viewed by clicking here.

1.Sign in as a Director on National Data Governance Platform
2.Select Non-Profit Entity Registration.
3.Click on Start Service.
4.Sign in using the National Single Sign-On (Nafath).
5.Click on “Import Non-Profit Entity”.
6.Choose the Entity in order to appoint a Representative or to continue as the Entity’s Representative.

1-Sign in as a representative through the National Single Sign-On (Nafath).
2-Choose the Non-Profit Entity for which you want to complete registration procedures.
3-Evaluate eligibility for registration according to the cases stipulated in Article (2) of Rules Governing the National Register of Controllers within Kingdom.
4-Complete Entity profile information.
5-Assess the extent to which appointing a DPO is mandatory to, according to the cases stipulated in Article (32) of Implementing Regulations of Personal Data Protection Law.
6-Issue a certificate for the national register for personal data protection.

To view the previous steps, click on Non-Profit Entities Registration

Any natural person appointed by government or private controller, non-profit to complete entity registration procedures on the Platform. when using Platform, the Representative must comply with the following:

•Complete Entity registration procedures.
•Fill out the details of DPO as stipulated in Article (7) of Rules Governing the National Register of Controllers Within Kingdom.
•View the assessment results of compliance and services provided on the Platform.
•Use the Platform services, if a Personal data protection officer has not been appointed according to the cases stipulated in Article (32) of Implementing Regulations of Personal Data Protection Law.
•Update Controller’s data on regular basis to ensure it is up-to-date.

The Saudi Data & Al Authority (SDAIA) does not require any criteria regarding the Entity’s Representative. The criteria are at the discretion of Controller.

Back Start Service

Registration of Non-Profit Entities

Main Categories

Registration of Non-Profit Entities

Requirements

What is the purpose of Registration?

What is DPO? What data is required to be registered?

Who is authorized to use Platform services?

What data is required to be added to Entity Profile?

Is there a registration fee?

Can Registration Certificate be renewed before Expiration Date?

If the Registration Certificate is renewed after its Expiration Date, is a new registration certificate issued or is the old Registration Certificate shall be activated?

Is it possible to search for Controllers in National Data Governance Platform?

What data is available to the public?

Is it possible to update profile data?

What are the target groups for registration?

What Services does Platform provide?

How to contact us?

What are Controllers?

Is registration mandatory?

What are the steps for appoint an Entity Representative?

What are the steps to complete Entity registration on Platform?

What is an Entity Representative?

Are there specific criteria for appointinga representative?