Princess Nourah bint Abdulrahman University seeks to ensure compliance with the provisions of the Personal Data Protection Law (PDPL) in force in the Kingdom of Saudi Arabia and its Implementing Regulations, and to safeguard the privacy and rights of its members. This policy constitutes an integral part of the University’s data governance framework.
Personal Data Protection Guiding Principles:
1. Lawfulness, Fairness, and Transparency
Personal data shall be processed in a lawful, fair, and transparent manner that enhances data subjects’ trust and enables them to understand how their data is collected and processed.
2. Data Minimization
The collection of personal data shall be limited to the minimum necessary to achieve the purposes specified in the Privacy Notice, thereby reducing potential risks associated with collecting and storing excessive amounts of data.
3. Data Quality
Personal data shall be maintained accurately, completely, and up to date, and shall be relevant and directly related to the purposes specified in the Privacy Notice.
4. Limitation of Use, Retention, and Secure Disposal
The processing of personal data shall be restricted to the purposes specified in the Privacy Notice for which the data subject has provided explicit consent. Personal data shall be retained only for as long as necessary to achieve those purposes and shall be securely disposed of in a manner that prevents leakage, loss, theft, misuse, or unauthorized access.
5. Accountability
The University emphasizes the adoption of necessary measures and the maintenance of records demonstrating compliance with the Personal Data Protection Law and its Implementing Regulations.
6. Data Security
The University shall ensure the protection of personal data against leakage, damage, loss, theft, misuse, alteration, or unauthorized access, in accordance with requirements issued by the National Cybersecurity Authority and other competent authorities, as well as the University’s cybersecurity policies and standards.
