المملكة: Disclosure and evaluation… 12 rules for accreditation certificates in protecting personal data
The Authority specified the general requirements for granting the accreditation certificate, including that the personal data processing activities used by the applicant were carried out in accordance with practices and procedures compatible with the provisions of the law and regulations, based on an evaluation conducted by the licensed entity; According to what is issued by the competent authority in this regard.
Processing of personal data
She stressed the need to disclose any previous complaints against the applicant arising from the application of the provisions of the system and regulations, and to confirm that there are no existing complaints during the period of submission of the accreditation certificate application, and to disclose any violations of the provisions of the system or regulations that were previously monitored by the competent authority.
It stressed the availability of supporting technical tools for the applicant to carry out personal data processing and protection activities in accordance with the provisions of the law and regulations, in addition to doing so by legally and technically qualified workers who have experience in the regulatory aspects of personal data protection and the technical aspects of personal data protection procedures and practices, no less than About 5 years of work practice in these fields.
She pointed out the need for the availability of approved documents that clarify the organizational, administrative and technical procedures, means and practices followed when processing personal data, including the measures used to ensure the security of personal data.
The rules document stipulates that the entity to which the accreditation certificate was issued is committed to working to continuously train and develop the relevant workers in the areas of personal data processing in accordance with the provisions of the law and regulations, and to support them in obtaining professional certificates in this field to ensure raising their efficiency.
Obtaining an accreditation certificate
If an entity outside the Kingdom obtains an accreditation certificate, the entity is obligated to notify the licensed entity in the event of any change in the regulatory requirements or practices of the country that conflict with any of the requirements and requirements for obtaining an accreditation certificate.
It obliges the licensed entity to conduct audits and evaluations – once a year or whenever the need arises – to ensure that the entity to which the accreditation certificate was issued adheres to the provisions of the system, regulations, stipulations and requirements stipulated.
The document allowed the competent authority to direct the licensed entity to re-evaluate the suitability of continuing the validity of the accreditation certificate in the event that the entity obtaining the accreditation certificate violates any of the provisions of the law and regulations or the conditions and requirements stipulated in Articles “Third” and “Fourth” of these rules.
If the processing authority outside the Kingdom is issued an accreditation certificate in accordance with these rules, it is obligated to cooperate with the competent authority and the licensed authority regarding any requests related to the personal data protection system, its implementing regulations, and these rules.
The document stressed the obligation of employees of the licensed entity to disclose any actual or potential conflict of interest with the applicant.
- For more: Follow Khaleejion 24 Arabic, Khaleejion 24 English, Khaleejion 24 Live, and for social media follow us on Facebook and Twitter
