PDPL Compliance Implementation

PDPL Compliance Specialist / Data Protection Officer (PDPL Implementation)

Department: Compliance / Governance / Information Security

Location: Saudi Arabia

Reports To: Compliance Manager / Data Protection Officer / Senior Management

Job Summary

The PDPL Compliance Specialist is responsible for supporting the organization in implementing and maintaining compliance with the Personal Data Protection Law (PDPL) of Saudi Arabia. The role ensures that all personal data is collected, processed, stored, and shared in accordance with legal requirements and organizational policies. This includes developing documentation, conducting assessments, maintaining records, and creating awareness across the organization.

Key Responsibilities

1. PDPL Implementation & Governance

• Support the development and rollout of the organization’s PDPL compliance program.

• Ensure policies, procedures, and practices align with PDPL requirements.

• Maintain documentation required for compliance and regulatory reporting.

2. Record of Processing Activities (RoPA)

• Assist departments in documenting personal data processing activities.

• Maintain an up-to-date RoPA across the organization.

• Validate data types, retention periods, and processing purposes.

3. Data Mapping & Data Flow Understanding

• Identify personal data flows within systems, processes, and applications.

• Support development of data flow diagrams and mapping exercises.

• Highlight points where personal data is shared, stored, or transferred.

4. Policies & Procedures

• Assist in drafting and updating privacy-related policies such as:

o Privacy Notice

o Data Retention Policy

o Data Breach Management Procedure

o DPIA Procedure

o Third-Party Data Processing Policy

• Ensure policies reflect organizational practices and PDPL obligations.

5. Data Protection Impact Assessments (DPIA)

• Support the DPIA process for new projects, systems, or services.

• Identify risks related to personal data and recommend mitigation actions.

• Track completion of corrective measures.

6. Third-Party Compliance

• Review third-party data processing arrangements.

• Ensure contracts and agreements include PDPL-compliant data protection clauses.

• Monitor third-party obligations and documentation.

7. Incident & Data Breach Handling

• Support the breach identification and reporting process.

• Maintain breach logs and coordinate follow-ups.

• Ensure breaches are handled according to internal procedures and legal timelines.

8. Awareness & Training

• Assist in creating awareness sessions on PDPL requirements.

• Prepare basic training material for employees.

• Promote responsible data handling practices.

9. Monitoring & Reporting

• Conduct periodic reviews to assess compliance levels.

• Prepare reports on PDPL implementation status for management.

• Track action items and improvement plans.

Qualifications & Skills

Education

• Bachelor’s degree in IT,Business, Cybersecurity, or related field.

Technical Knowledge

• Basic understanding of data protection principles and PDPL requirements.

• Familiarity with privacy best practices and information security fundamentals.

Soft Skills

• Strong communication and coordination skills.

• Good analytical, documentation, and organizational abilities.

• Ability to work with cross-functional teams.

Experience

• 2–5 years of experience in compliance, data protection, governance, cybersecurity, or auditing.

• • Exposure to PDPL, GDPR, or other privacy regulations is an advantage.

Drop your CV on bilal.h@leveluparab.com