The National Data Management Office (NDMO) is the national regulatory authority in the Kingdom of Saudi Arabia (KSA), which has established requirements for implementing and governing practical data management standards based on the National Data Management and Personal Data Protection Framework.

The NDMO framework aims to regulate the collection, processing, storage, and transfer of personal data by public and private organizations in KSA. This framework includes all individuals and entities that collect, process, store, or transfer personal data in KSA. The standards include controls and specifications across the 15 domains presented in the framework, which spans the data lifecycle from creation through storage, movement, and usage to deletion.

BigID Capabilities for NDMO Compliance (15 Domains)

BigID enables enterprises to establish core competencies to meet NDMO framework requirements by allowing privacy, security, and data governance teams to inventory, account for, and report on how they collect and process personal information.

The BigID platform can discover all personal and sensitive KSA information by identity, map the data relationships across sources, and visualize how data flows across an organization’s infrastructure to comply with the Personal Data Protection Law (PDPL) and better protect data.

NDMO Controls & Specifications [Definitions]

  1. Data Governance: Data Governance provides the authority and control over the planning and implementation of the organization’s data management practices through people, processes, and technologies to provide consistent and proper handling of the organization’s data assets in alignment with its Data Management and Personal Data Protection Strategy.
  2. Data Catalog and Metadata: Data Catalog and Metadata focuses on enabling effective access to high-quality integrated metadata. Access to metadata is supported by the use of the Data Catalog automated tool, which acts as the single point of reference for the organization’s metadata.
  3. Data Quality: Data Quality focuses on improving the quality of the organization’s data, ensuring that data is fit for purpose based on consumers’ requirements.
  4. Data Operations: The Data Operations domain focuses on the design, implementation, and support for data storage to maximize data value throughout its lifecycle from creation/acquisition to disposal.
  5. Document & Content Management: Document and Content Management involves controlling the capture, storage, access, and use of documents and content stored outside of relational databases.
  6. Data Architecture and Modeling: Data Architecture and Modeling focuses on the establishment of formal data structures and data flow channels to enable end-to-end data processing across and within entities.
  7. Reference and Master Data Management: Reference and Master Data Management links all critical data to a single master file, providing a common point of reference for all critical data.
  8. Business Intelligence and Analytics: Business Intelligence and Analytics focuses on analyzing an organization’s data records to extract insight and to draw conclusions about the information uncovered.
  9. Data Sharing and Interoperability: Data Sharing and Interoperability involves the collection of data from different sources and consists of integration solutions fostering a harmonious internal and external communication between various IT components. Data Sharing and Interoperability also covers a Data Sharing process that enables an organized and standardized exchange of data between entities.
  10. Data Value Realization: Data Value Realization involves the continuous evaluation of data assets for potential data-driven use cases that generate revenue or reduce operating costs for the organization.
  11. Open Data: Open Data focuses on the organization’s data which could be made available for public consumption to enhance transparency, accelerate innovation, and foster economic growth.
  12. Freedom of Information: The Freedom of Information domain focuses on providing Saudi citizens access to government information, portraying the process for accessing such information, and the appeal mechanism in the event of a dispute.
  13. Data Classification: Data Classification involves the categorization of data so that it may be used and protected efficiently. Data Classification levels are assigned following an impact assessment determining the potential damages caused by the mishandling of data or unauthorized access to data.
  14. Personal Data Protection: Personal Data Protection focuses on the protection of a subject’s entitlement to the proper handling and non-disclosure of their personal information.
  15. Data Security and Protection: Data Security and Protection focuses on the processes, people, and technology designed to protect the entity’s data, including, but not limited to, authorized access to data, avoidance of spoliation, and safeguarding against unauthorized disclosure of data. This domain is under the mandate of the Saudi National Cybersecurity Authority.

Mapping NDMO Requirements to BigID

  1. Data Governance: BigID provides collaboration for stewardship through AI Automation for efficient, consistent, and scalable data governance to identify personal data, protect information, and mitigate risk.
  2. Data Catalog and Metadata: BigID’s data catalog provides a complete registry of data assets with context to increase data value and decrease data risk. With BigID, organizations can identify sensitive and personal information, discover ungoverned assets, and identify open access to vulnerable data.
  3. Data Quality: BigID’s Data Quality proactively analyzes and communicates data quality for insights across all of your data in any data source on premises or in the cloud. Leverage dynamic profiling across all data for ongoing monitoring, timely notifications, and relevant data quality scores.
  4. Data Operations: BigID Data Lifecycle Management (DLM) simplifies and automates data lifecycle management from retention to deletion. Accurately find, classify, catalog, and tag your data and easily enforce governance & control.
  5. Document and Content Management: BigID provides a holistic picture of an organization’s entire data landscape. BigID can identify and analyze data in all forms, including unstructured data like documents, images, and audio files, allowing businesses to understand their data, even in complex environments with multiple data sources and storage locations.
  6. Data Architecture and Modeling: BigID Data Flow Mapping module facilitates the automated and collaborative building of an inventory of processing activities that are needed in order to provide a full record of personal data processing activities.
  7. Reference and Master Data Management: With BigID, organizations get consistent data quality insights in a single view across all of their data in any data source on-premises or in the cloud. Automatically and accurately discover, inventory, validate, and map the data: including PI, sensitive data, regulated data, financial data, and more.
  8. Business Intelligence and Analytics: Discover, document, and report on data processing activities to assess data assets, security, risk, locations, third-party sharing, and cross-border data transfers with BigID.
  9. Data Sharing and Interoperability: BigID is an open platform designed to facilitate more meaningful exchanges between systems at its core. BigID helps to manage, monitor, and validate third-party data transfers, and comply with regulatory requirements.
  10. Data Value Realization: Leverage continuous data lifecycle management to provide the data-driven insights needed to help reduce cost and boost revenue with BigID.
  11. Open Data: BigID provides a comprehensive consumer privacy rights report that incorporates the location of data, how the data relates to a consumer, what categories of data are collected, and the justification for collection.
  12. Freedom of Information: BigID’s self-service privacy portal has customizable features that enable organizations to manage data rights requests and privacy preferences, including request type, deletion workflows, regulation timelines, and remediation, all in one place.
  13. Data Classification: BigID’s advanced data classification automatically finds, identifies, and classifies regulated data like PCI and HIPAA, personal data including PII and contextual PI, NPI data, credentials, passwords, security keys, IP data, and document types.
  14. Personal Data Protection: BigID provides PIA industry-standard templates to estimate the risk within the data inventory to comply with PDPL and other regulations, taking into account the nature, scope, context, and purposes and severity for the rights and freedoms of individuals. In addition, the data flow mapping and the inventory provide the documentation for proof of compliance.
  15. Data Security and Protection: With BigID, organizations can identify vulnerabilities, remediate high-risk, sensitive, and regulated data, reduce the attack surface, and track & manage risk. Proactively monitor and mitigate potential insider risk with risk investigation, data minimization, and remediation.

BigID Addresses the NDMO Framework’s Most Challenging Requirements

BigID uses identity correlation to find personal data, and correlate it to the data subject. This allows BigID to deliver unique capabilities for compliance with the NDMO and PDPL requirements, such as:

Schedule a demo to see how BigID can help your organization navigate full compliance with NDMO requirements.