Question 1

What is PDPL and why does it apply to thermal receipts?

Accepted Answer

Saudi Arabia's Personal Data Protection Law (PDPL) came into full force in September 2024 and is enforced by SDAIA. Thermal receipts that contain customer phone numbers, names, or loyalty IDs are personal data under the law. Printing, storing, or discarding them without consent logs, retention policies, and breach procedures is a PDPL violation subject to fines up to SAR 5 million.

Question 2

How much are PDPL fines in Saudi Arabia?

Accepted Answer

PDPL fines reach up to SAR 5,000,000 per violation and can be doubled for repeat offenders. SDAIA has already issued 48+ enforcement decisions. Organizations must notify SDAIA of a breach within 72 hours.

Question 3

How does Wateer make a merchant PDPL-ready?

Accepted Answer

Wateer replaces thermal printers with digital receipts delivered via NFC or QR. Every receipt is logged with consent, encrypted at rest, structured the way SDAIA expects, and exportable on demand. Integration with any major Saudi POS takes 4 to 5 minutes and covers ZATCA e-invoicing at the same time.

Question 4

Does Wateer cover ZATCA e-invoicing as well?

Accepted Answer

Yes. Wateer is ZATCA-aligned end-to-end. A single integration covers both PDPL and ZATCA — no second vendor, no second legal review.

Data Breach Notification

Sources

Related terms

PDPL

SDAIA

Data Protection Officer (DPO)