SDAIA & Personal Data Protection Compliance
XiKey is designed to meet all requirements of the Saudi Data & AI Authority (SDAIA) and the Personal Data Protection Law (PDPL)
Compliance Overview
XiKey is built from the ground up to comply with Saudi data and privacy regulations
Personal Data Protection Law
Full compliance with Royal Decree No. M/19 and its Implementing Regulations
Compliant
AI Ethics Principles
Adhering to SDAIA's 7 AI Ethics Principles
Adhered
National Data Governance
Aligned with the National Data Governance Interim Regulations
Aligned
Built-in PDPL Compliance Features
Built-in features to help you automatically comply with the Personal Data Protection Law
Role-Based Access Control
Multi-level permission system ensures each user accesses only authorized data, with complete logging of all access attempts.
Complete Audit Trail
Automatic logging of all operations: creation, modification, deletion, and viewing of data with timestamps and user identity.
Data Encryption
Encryption of sensitive data at rest and in transit using encryption standards approved by the National Cybersecurity Authority (NCA).
On-Premise Storage
All business data is stored exclusively on your local servers within the Kingdom. No cross-border data transfers.
Retention Period Management
Configurable data retention policies for each data type, with automatic deletion when the retention period expires.
Compliance Reports
Ready-made reports to demonstrate compliance to SDAIA and regulatory authorities, including processing records and impact assessments.
Breach Notification
Built-in mechanism for detecting unauthorized access attempts and sending immediate notifications to administrators.
Data Subject Rights
Built-in tools to facilitate responding to data subject requests: access, rectification, deletion, and processing restriction.
Our Commitment to AI Ethics Principles
We adhere to SDAIA's 7 AI Ethics Principles across all our operations
Our system treats all users fairly without discrimination based on gender, race, or nationality.
Personal data protection is embedded in the core system design with advanced encryption and granular permissions.
Technology serving humanity - our system empowers teams to perform their tasks more efficiently.
E-invoicing reduces paper consumption, and automation reduces waste and loss.
Extensively tested and reviewed system with automatic backups and recovery mechanisms.
Complete audit trail documenting every operation, providing full transparency in data processing.
Designated Data Protection Officer with clear channels for reporting and complaints.
Data Governance
Comprehensive data governance framework aligned with national regulations
Data Stays in the Kingdom
All business data stored locally on customer servers. No transfer outside Kingdom borders.
Processing Records
Comprehensive record of all data processing operations with export capability for regulatory authorities.
Impact Assessment
Tools for conducting Data Protection Impact Assessments (DPIA) as required by the Implementing Regulations.
Regulatory Framework
Personal Data Protection Law (PDPL)
Royal Decree No. M/19, dated 9/2/1443H - The fundamental framework for personal data protection in Saudi Arabia.
Learn more at sdaia.gov.sa
PDPL Implementing Regulations
Detailed rules for implementing the PDPL, including consent procedures and data processing.
Learn more at sdaia.gov.sa
Cross-Border Data Transfer Regulation
Conditions and controls for transferring personal data outside the borders of Saudi Arabia (Article 29).
Learn more at sdaia.gov.sa
AI Ethics Principles
Seven fundamental principles guiding the responsible use and development of AI technologies.
Learn more at sdaia.gov.sa
AI Adoption Framework
Comprehensive methodology for adopting AI technologies in organizations while ensuring compliance and ethics.
Learn more at sdaia.gov.sa
Have Compliance Questions?
Our team is ready to help you understand how XiKey can meet your organization's compliance requirements.
Data Protection Officer: [email protected]