'Most Innovative Startup 2020' by RSA - Watch the pitch video

View More

Saudi Arabia E-Commerce Law

Get compliant with the most comprehensive PrivacyOps platform.

Download the book today!

PrivacyOps - Automation & Orchestration for Privacy Compliance
Download Book
Available in PDF

On January 31, 2020, the government of Saudi Arabia issued the Executive Regulations to the Saudi E-Commerce Law 2019 (“ECL”) that was in effect since October 2019. The Executive Regulations together with the ECL (“Law”) aim to protect consumers’ personal data by requiring organizations to take appropriate technical and administrative measures.

The solution

SECURITI.ai enables organizations to comply with the ECL through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

securiti dashboard

SECURITI.ai supports enterprises in their journey toward compliance with the ECL through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various sections of ECL


 

data rectify request

Automate processing of rectification requests

ECL Article: 4

Fulfill data rectification requests, seamlessly, with the help of automated data subject verification workflows across all appearances of a data subject’s personal data.

Automate erasure requests

ECL Article: 4

Fulfill data subject’s’ erasure requests through automated and flexible workflows.

data erasure request
personal data monitoring tracking

Continuous monitoring and tracking

ECL Article: 5

Keep track of risks against non-compliance to data subjects’ rights by continuously monitoring and scanning consumer personal data.

Automate People Data Graph

ECL Article 18(2)(h)

Discover personal information stored across all your systems within the organization and link them back to a unique consumer. Also, allowing visualization of personal data sprawl and identifying compliance risks.

personal information data linking
consent preference management

Monitor and track consent

ECL Article: 5(3)

Track consents of consumers and their revocations to ensure that no data is retained for any purposes other than it was originally consented for.

Assess ECL readiness

ECL Articles: 5(1) and 5(2)

Measure your organization's posture against ECL requirements with the help of our multi-regulation, collaborative, readiness and privacy impact assessment system. Seamlessly expand assessment capabilities across your intermediary platforms to maintain compliance against ECL requirements.

Assess GDPR readiness
map data flows

Map data flows

ECL Article: 5(2)(e) and 18

Track, manage and monitor privacy and security readiness for all service providers and intermediary platforms from a single interface. Collaborate instantly, automate data requests and manage all vendor contracts and compliance documents.

Manage vendor risk

ECL Article: 5(2)(e) and 18

Track, manage and monitor privacy and security readiness for all service providers and intermediary platforms from a single interface. Collaborate instantly, automate data requests and manage all vendor contracts and compliance documents.

manage vendor risk
breach response notification

Breach Response Notification

ECL Article: 5(2)(c) and 18(2)(g)

Automate compliance actions and breach notifications to concerned stakeholders with regards to security incidents by leveraging a knowledge database on security incident diagnosis and response.

key data subject rights encoded within ECL

Rectification: The consumer has the right to correct an error in electronic communications if the consumer notifies the service provider of the error within 24 hours of the time the electronic communications are sent.

Information: The consumer has the right to know identifying information and contact details of the service provider and e-store and the characteristics of services or goods provided electronically.

Revocation: The consumer has the right to request suspension or unsubscribe from electronic advertisements.

Termination: Consumers have the right to cancel any e-contract within 7 days of the delivery of products or services provided that those products or services are not used. Consumers can also terminate any e-contract if delivery of the products or services is delayed beyond 15 days.

Purpose: A controller cannot use consumers’ personal data for any other purpose without the express consent of the consumer, other than the purpose it was obtained for.

Quick facts about ECL

1

The ECL is considered a historical phase
for Saudi Arabia in its national economy.

2

The ECL applies to e-commerce service providers providing goods or services to consumers in Saudi Arabia, even if they are NOT based in Saudi Arabia.

3

Under the ECL, service providers must notify the Ministry of Commerce and Investment if a personal data breach takes place within three days from the knowledge of the breach.

4

The severity of penalties depends on the nature of the violation, ranging from a fine up to a maximum of one million Saudi Riyals.