We do privacy compliance.

With over 20 years' experience, global IAPP FIP, CIPP/E, CIPM, AIGP and ISO 27701 Lead Implementer certifications, we are the experts in the KSA PDPL, the UAE PDPL, and the data protection laws of all GCC countries.

We help you comply and protect your commercial outcomes.

How long?

Our programs are usually 15-40 days – we can deliver as fast as you can work with us.

With most clients, our projects take 1-3 months to deliver – we work at your pace.

We minimize disruption to your operations.

Cost

Tell us a little more and we can give you a guideline estimate – but contact us for a tailored quotation. Discounts for non-profits and others available.

PDPL and Privacy Projects Completed

40+ KSA PDPL Projects

25+ Other GCC Privacy Projects

150+ GDPR Projects

Compliance is not a one-time thing. 

We don’t want you to always depend on consultants.

We ask you to nominate someone as DPO. We take that person, train them, then deliver the program with them, mentoring and upskilling them so that they can take our roadmap and ensure continuous compliance.

Bilal Ghafoor,
Managing Director

IAPP CIPP/E CIPM FIP

Bilal has 15 years’ experience in data protection and has led privacy programs globally, including at some of the largest tech companies in KSA.

Laura Palmariello, Senior Associate

IAPP AIGP CIPP/E FIP

Laura has diverse experience in many industries, from energy to education, and is our resident AI governance expert. She is known for practical advice.

Our Products

RoPA

Records of Processing Activities are a legal requirement. A RoPA is a catalogue of your data, showing what you do and your compliance risks. We conduct detailed interviews with your business units to understand what they do with personal data, do some discovery and then use the RoPA to manage your risks.

Staff Training

We train and mentor your nominated DPO, using the compliance program as a learning tool. We also create all staff training and awareness messages.

Framework, Strategy and Operating Model

These are not theoretical – we tailor these to your company set up and operations so you can manage future compliance. 

Data Protection Policy

This underpins what you do, responsibilities and risk appetites. It underpins the legal obligations and corporate stance. 

Data Breaches

From handy toolkits for all staff to detailed guidance for your DPO and C-Suite, a complete manual to manage issues and learn lessons.

Data Subject Rights

How to handle requests from customers and staff for copies of information, withdrawal of consent, corrections or other rights.

Vendor management

From tender invitations and shortlisting to due diligence, risk assessments and contracts, we make sure your vendors look after your data.

International Data Transfers

Sending data outside the country is complex – we help you navigate the legal difficulties and do your transfer risk assessments.

Lawful basis and consent management

We identify your lawful bases and dive into your consent statements and operations to give clients control of their choices.

AI and Tech Development

We look at the data protection aspects of your AI or tech development to make sure that you are compliant with privacy laws. 

Marketing Policy

Marketing, whether through emails, phone calls, social media or events, is covered by the law. We help you comply and keep you effective.

Privacy notices and cookies

We write your external and staff privacy policies in clear language to promote transparency and trust. We also manage your cookies.  

Privacy Impact Assessments

Privacy impact assessments are mandatory under privacy laws. We assess your high-risk processing and mitigate risks.

SDAIA Self-Assessment

We use the SDAIA/NDMO self-assessments to help you understand your compliance and issue you with a report.

Every week on a Tuesday we publish a newsletter on the PDPL. It is packed with practical insights on how to comply with the law as well as analysis of privacy trends. 

We have the highest-rated introductory course to the KSA PDPL on Udemy. It is normally $19.99 but contact us for a voucher that will get you access for free.

Sectors we have worked in

Energy

AI

Non-profit

Manufacture

Justice

Government

Education

Commerce

Health

Digital

Saudi Arabia

The Personal Data Protection Law (issued pursuant to Royal Decree No. M/19 of 9/2/1443 H, as amended by Royal Decree No. M/148 dated 5/9/1444H) (“PDPL”)

United Arab Emirates (UAE)

Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“PDPL”)

Bahrain

Law No. 30 of 2018 with respect to Personal Data Protection (“PDPL”)

Qatar

Law No. (13) of 2016 Concerning Personal Data Protection (“the Data Protection Law”)

Oman

Royal Decree No. 6 of 2022 promulgating the law on the protection of personal data dated 9 February 2022

Kuwait

Kuwait Law No. 20 of 2014, on Electronic Transactions (the “E-Commerce Law”) and Kuwait Law No. 63 of 2015, on Combating Cyber Crimes (the “Cybercrime Law”)

DIFC & ADGM

DIFC Law No. 5 of 2020 on Data Protection Law (“DPL”)

ADGM Data Protection Regulations 2021

UK & European Union

UK & European GDPR