The Gulf Corridor.
A rapidly evolving regulatory landscape across the Kingdom of Saudi Arabia, UAE, and specialized financial zones. Navigating Vision 2030, SDAIA mandates, and the unique dual-layer system of federal law and free zone regulations.
Jurisdictional Landscape
- Saudi Arabia: SDAIA (Data Localization & AI Strategy)
- UAE Federal: UAE Data Office (Cross-Sector Governance)
- DIFC: DIFC Commissioner (Financial Services)
- ADGM: Registration Authority (Financial Hub Compliance)
Saudi Arabia PDPL
The Personal Data Protection Law (PDPL), enforced by the Saudi Data & AI Authority (SDAIA), represents the Kingdom's shift toward a data-driven economy under Vision 2030.
Key provisions include strict data localization requirements for sensitive data, mandatory registration with SDAIA, and cross-border transfer restrictions requiring adequacy determinations.
Key Obligations
- Data Protection Officer appointment (mandatory for large processors)
- Consent requirements aligned with international standards
- 72-hour breach notification to SDAIA
- Data Subject rights (access, rectification, erasure)
Penalties
Up to SAR 5 Million for violations, with potential criminal liability for severe breaches.
UAE: The Dual-Layer System
The UAE operates a unique system where Federal Law applies generally, while specialized Financial Free Zones (DIFC, ADGM) maintain their own GDPR-aligned regimes.
Federal Law No. 45
Covers all UAE-based processing outside free zones. Enforced by the UAE Data Office.
DIFC Data Protection
GDPR-adjacent regime for financial services hub. Common-law jurisdiction with English-speaking courts.
ADGM DPR 2021
Abu Dhabi Global Market's comprehensive regime. Strong alignment with UK ICO guidance.
Entering the Gulf Market?
Our Dubai and Riyadh teams provide end-to-end compliance support for SDAIA registration, DIFC establishment, and cross-border data flow structuring.