NORTHERN REGION CEMENT CO.
Data Privacy and Protection Policy

Website: nrc.com.sa
Effective Date: July 01, 2025

1. Consent & Lawful Basis

Obtain explicit, specific, freely given consent before any personal data processing. Allow users to withdraw consent at any time without affecting unrelated services. Assess and document if relying on legitimate interest as a legal basis.

2. Privacy Policy & Transparency

Publish a clear, concise privacy notice before collecting data. Include legal justification, purpose, type of data, recipients, retention duration, and user rights.

3. Data Subject Rights

Provide users with rights to access, correct, delete, object to processing, and withdraw consent. Ensure response within 30 days.

4. Data Minimization & Purpose Limitation

Only collect data necessary for clearly defined purposes. Avoid collecting unrelated or excessive data.

5. Security & Breach Protocols

Implement technical and organizational safeguards (e.g., encryption, access controls). Notify SDAIA within 72 hours of a breach, and notify users if there is a high risk involved.

6. Data Protection Officer (DPO)

Appoint a DPO if processing is large-scale or involves sensitive data. The DPO should oversee compliance, impact assessments, and act as liaison with SDAIA.

7. Data Protection Impact Assessments (DPIAs)

Conduct DPIAs for high-risk processing activities. Document identified risks and mitigation strategies.

8. Record Keeping & Accountability

Maintain a Record of Processing Activities (ROPA) for at least 5 years post-processing.

9. Third-Party/Vendor Management

Ensure vendors and service providers comply with PDPL. Include confidentiality and breach reporting obligations in contracts.

10. Cross-Border Data Transfers

Obtain SDAIA adequacy approval or ensure safeguards for international data transfers. Inform users and obtain consent where required.

11. Controller Registration

Register with SDAIA and provide ROPA and other compliance documentation as required.

12. Enforcement & Penalties

Be aware that violations can lead to fines (SAR 5M+), imprisonment, or both. Ensure compliance: the grace period ended Sept 14, 2024.
