IDC Names Securiti a Worldwide Leader in Data Privacy


Saudi Arabia E-Commerce Law

Get compliant with the most comprehensive PrivacyOps platform

Last Updated on April 27, 2023

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


On January 31, 2020, the government of Saudi Arabia issued the Executive Regulations to the Saudi E-Commerce Law 2019 (“ECL”) that was in effect since October 2019. The Executive Regulations together with the ECL (“Law”) aim to protect consumers’ personal data by requiring organizations to take appropriate technical and administrative measures.

The solution enables organizations to comply with the ECL through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

US California CCPA supports enterprises in their journey toward compliance with the ECL through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various sections of ECL


data rectify request

Automate processing of rectification requests

ECL Article: 4

Fulfill data rectification requests, seamlessly, with the help of automated data subject verification workflows across all appearances of a data subject’s personal data.

Automate erasure requests

ECL Article: 4

Fulfill data subject’s’ erasure requests through automated and flexible workflows.

data erasure request
personal data monitoring tracking

Continuous monitoring and tracking

ECL Article: 5

Keep track of risks against non-compliance to data subjects’ rights by continuously monitoring and scanning consumer personal data.

Automate People Data Graph

ECL Article 18(2)(h)

Discover personal information stored across all your systems within the organization and link them back to a unique consumer. Also, allowing visualization of personal data sprawl and identifying compliance risks.

personal information data linking
consent preference management

Monitor and track consent

ECL Article: 5(3)

Track consents of consumers and their revocations to ensure that no data is retained for any purposes other than it was originally consented for.

Assess ECL readiness

ECL Articles: 5(1) and 5(2)

Measure your organization's posture against ECL requirements with the help of our multi-regulation, collaborative, readiness and privacy impact assessment system. Seamlessly expand assessment capabilities across your intermediary platforms to maintain compliance against ECL requirements.

Assess GDPR readiness
map data flows

Map data flows

ECL Article: 5(2)(e) and 18

Track, manage and monitor privacy and security readiness for all service providers and intermediary platforms from a single interface. Collaborate instantly, automate data requests and manage all vendor contracts and compliance documents.

Manage vendor risk

ECL Article: 5(2)(e) and 18

Track, manage and monitor privacy and security readiness for all service providers and intermediary platforms from a single interface. Collaborate instantly, automate data requests and manage all vendor contracts and compliance documents.

manage vendor risk
breach response notification

Breach Response Notification

ECL Article: 5(2)(c) and 18(2)(g)

Automate compliance actions and breach notifications to concerned stakeholders with regards to security incidents by leveraging a knowledge database on security incident diagnosis and response.

key data subject rights encoded within ECL

Rectification: The consumer has the right to correct an error in electronic communications if the consumer notifies the service provider of the error within 24 hours of the time the electronic communications are sent.

Information: The consumer has the right to know identifying information and contact details of the service provider and e-store and the characteristics of services or goods provided electronically.

Revocation: The consumer has the right to request suspension or unsubscribe from electronic advertisements.

Termination: Consumers have the right to cancel any e-contract within 7 days of the delivery of products or services provided that those products or services are not used. Consumers can also terminate any e-contract if delivery of the products or services is delayed beyond 15 days.

Purpose: A controller cannot use consumers’ personal data for any other purpose without the express consent of the consumer, other than the purpose it was obtained for.

Quick facts about ECL


The ECL is considered a historical phase for Saudi Arabia in its national economy.


The ECL applies to e-commerce service providers providing goods or services to consumers in Saudi Arabia, even if they are NOT based in Saudi Arabia.


Under the ECL, service providers must notify the Ministry of Commerce and Investment if a personal data breach takes place within three days from the knowledge of the breach.


The severity of penalties depends on the nature of the violation, ranging from a fine up to a maximum of one million Saudi Riyals.

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend