Compliance Framework for Personal Data Protection Law Standards

Personal data protection laws are crucial for protecting individual privacy in a data-driven world. To this end, the Kingdom of Saudi Arabia has published the Personal Data Protection Law (PDPL), which aims to empower individuals to manage and control their personal information more securely and effectively. However, data management ecosystems that process such data face challenges directly applying PDPL due to difficulties translating legal provisions into a technological context. Furthermore, non-compliance with PDPL can result in financial, legal, and reputational risks. To address these challenges, this paper developed an approach for legal compliance with PDPL through a framework that analyses and translates legal terms into measurable data management standards. The framework guides data management ecosystems in implementing and complying with PDPL requirements and covers all integral parts of data management. To demonstrate the practical application of this approach, a case study utilized two advanced deep learning models, MARBERTv2 and AraELECTRA, to enhance privacy policy adherence in Saudi Arabian websites with PDPL requirements. The results are highly promising, with MARBERTv2 achieving a micro-average F1-score of 93.32% and AraELECTRA delivering solid performance at 92.46%. This underscores the effectiveness of deep learning models in facilitating PDPL compliance.