Saudi Arabia E-Commerce Law
Get compliant with the most comprehensive PrivacyOps platform.
Download the book today!
On January 31, 2020, the government of Saudi Arabia issued the Executive Regulations to the Saudi E-Commerce Law 2019 (“ECL”) that was in effect since October 2019. The Executive Regulations together with the ECL (“Law”) aim to protect consumers’ personal data by requiring organizations to take appropriate technical and administrative measures.
The solution
SECURITI.ai enables organizations to comply with the ECL through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
SECURITI.ai supports enterprises in their journey toward compliance with the ECL through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various sections of ECL
Automate processing of rectification requests
ECL Article: 4
Fulfill data rectification requests, seamlessly, with the help of automated data subject verification workflows across all appearances of a data subject’s personal data.
Automate erasure requests
ECL Article: 4
Fulfill data subject’s’ erasure requests through automated and flexible workflows.
Continuous monitoring and tracking
ECL Article: 5
Keep track of risks against non-compliance to data subjects’ rights by continuously monitoring and scanning consumer personal data.
Automate People Data Graph
ECL Article 18(2)(h)
Discover personal information stored across all your systems within the organization and link them back to a unique consumer. Also, allowing visualization of personal data sprawl and identifying compliance risks.
Monitor and track consent
ECL Article: 5(3)
Track consents of consumers and their revocations to ensure that no data is retained for any purposes other than it was originally consented for.
Assess ECL readiness
ECL Articles: 5(1) and 5(2)
Measure your organization's posture against ECL requirements with the help of our multi-regulation, collaborative, readiness and privacy impact assessment system. Seamlessly expand assessment capabilities across your intermediary platforms to maintain compliance against ECL requirements.
Map data flows
ECL Article: 5(2)(e) and 18
Track, manage and monitor privacy and security readiness for all service providers and intermediary platforms from a single interface. Collaborate instantly, automate data requests and manage all vendor contracts and compliance documents.
Manage vendor risk
ECL Article: 5(2)(e) and 18
Track, manage and monitor privacy and security readiness for all service providers and intermediary platforms from a single interface. Collaborate instantly, automate data requests and manage all vendor contracts and compliance documents.
Breach Response Notification
ECL Article: 5(2)(c) and 18(2)(g)
Automate compliance actions and breach notifications to concerned stakeholders with regards to security incidents by leveraging a knowledge database on security incident diagnosis and response.
key data subject rights encoded within ECL
Rectification: The consumer has the right to correct an error in electronic communications if the consumer notifies the service provider of the error within 24 hours of the time the electronic communications are sent.
Information: The consumer has the right to know identifying information and contact details of the service provider and e-store and the characteristics of services or goods provided electronically.
Revocation: The consumer has the right to request suspension or unsubscribe from electronic advertisements.
Termination: Consumers have the right to cancel any e-contract within 7 days of the delivery of products or services provided that those products or services are not used. Consumers can also terminate any e-contract if delivery of the products or services is delayed beyond 15 days.
Purpose: A controller cannot use consumers’ personal data for any other purpose without the express consent of the consumer, other than the purpose it was obtained for.
Quick facts about ECL
The ECL is considered a historical phase for Saudi Arabia in its national economy.
The ECL applies to e-commerce service providers providing goods or services to consumers in Saudi Arabia, even if they are NOT based in Saudi Arabia.
Under the ECL, service providers must notify the Ministry of Commerce and Investment if a personal data breach takes place within three days from the knowledge of the breach.
The severity of penalties depends on the nature of the violation, ranging from a fine up to a maximum of one million Saudi Riyals.
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2022 Securiti · Sitemap · XML Sitemap
Newsletter
Get in touch
[email protected]
3031 Tisch Way Suite 110 Plaza West, San Jose,
CA 95128
