Sharing Data Policy
Explore the Data Sharing Policy, which regulates how information is exchanged between entities, ensuring data security and protection during the sharing process to achieve effective and efficient use.
Sharing Data Policy
Scope
The provisions of this policy apply to data sharing operations generated by the Saudi Electricity Regulatory Authority - with other government entities, private entities, or individuals - regardless of the source, form, or nature of this data.
This policy does not apply if the data-requesting entity is a government entity and the request is for security purposes or to fulfill judicial requirements.
This policy aligns with the national data governance policies issued by the National Data Management Office, in a manner that is not contradictory, along with relevant regulations and any amendments thereto.
Main Principles of Data Sharing
First Principle: Data Sharing Culture
Each Data Source Entity shall share the data it produces in accordance with the provisions of this Policy, in order to enhance the utilization of such data and achieve integration among government entities.
Second Principle: The Single Source of Truth (SSOT)
Government entities shall collect data as a Single Source of Truth (in the context of exercising their statutory powers), with the possibility of sharing and reusing the collected data in a manner that does not conflict with any relevant regulations. This aims to reduce data duplication, inconsistencies, and disparate data sources, ensuring data integration, recency, and quality. Document Classification: 6 Public
Third Principle: Legitimate Purpose
Data sharing shall be conducted for legitimate purposes that are grounded in a legal basis or justified operational need. Such data-sharing activities shall not compromise national interests, the operations of entities, individual privacy, or environmental safety. The shared data shall be used by the Data Requester solely for the purposes specified in the data-sharing request.
Fourth Principle: Authorized Access
All Data Sharing Parties shall be authorized to access, obtain, and utilize the shared data. Such access is granted through the identification and verification of authorized personnel (when necessary, such verification is contingent upon the data's nature, classification, and sensitivity level, as outlined in the Data Classification Policy).
Fifth Principle: Transparency
All necessary information pertaining to data-sharing requests shall be made available to all Data Sharing Parties. This includes a clear description of the requested data, its classification levels (as defined in the Data Classification Policy), collection purpose, storage methods, protection controls, and destruction mechanism.
Sixth Principle: Collective Accountability
All Data Sharing Parties shall be held collectively accountable for data-sharing decisions, consistent with the roles and responsibilities outlined in the Data Document Classification: 7 Public Sharing Agreement or applicable controls, as the case may be, to ensure data is processed in alignment with the specified purposes.
Seventh Principle: Data Security
All Data Sharing Parties shall implement appropriate security controls to protect data and ensure a secure and reliable data-sharing environment as per relevant regulatory requirements and directives issued by the National Cybersecurity Authority.
Eight Principle: Ethical Data Use
All Data Sharing Parties shall, in compliance with relevant regulatory requirements, adhere to ethical principles, to ensure responsibility, fairness, integrity, and trust in data use.
Steps and Procedures for Data Sharing from the Saudi Electricity Regulatory Authority
The basic steps for the data sharing process within the authority have been defined to ensure compliance with all necessary regulations and requirements - which may not exceed 25 working days depending on the requirements of the National Data Management Office. The data sharing process includes the following steps:
1. The requester - whether a government, private entity, or individual - sends a data sharing request to the Data Management Office of the Authority, with the request being sent through the entity's office if the requester is a government entity.
2. The Data Management Office of the Authority refers the request to a business data representative who then directs the request to a business data specialist to assess and process it.
3. The business data specialist at the Authority verifies the classification level of the requested data:
a. If the classification level is not specified, the Data Management Office of the Authority must classify the requested data according to the data classification policy.
b. If the classification level is designated as "general", the business data specialist at the Authority can share the requested data without evaluating the request according to the key principles of data sharing.
c. If the classification level is designated as "restricted" or "confidential" or "highly confidential", the business data specialist at the Data Management Office of the Authority must evaluate the request according to the key principles of data sharing.
4. The business data specialist at the Data Management Office of the Authority must complete the data sharing process if all data sharing principles are fully met.
5. The business data specialist at the Data Management Office of the Authority must not continue data sharing if one or more of the data sharing principles are not met. The data sharing request should be returned to the requester with comments, providing the opportunity to meet all incompatible data sharing principles.
6. When all data sharing principles are met, the business data specialist at the Data Management Office of the Authority obtains approval from the business data representative at the Authority to complete the data sharing process.
7. The business data specialist at the Data Management Office of the Authority determines the appropriate controls to ensure compliance with data sharing principles and achieve the specific objectives of each, and an agreement must be reached between the business data specialist at the Data Management Office of the Authority, the requester, and other participating parties in the sharing process to apply these controls.
8. After agreeing on the data sharing controls and committing to their application, the business data specialist at the Data Management Office of the Authority must explain them in detail in the agreement, and all parties participating in the sharing process must sign a data sharing agreement.
9. The Data Management Office at the Authority can share the requested data with the requesting entity after signing the data sharing agreement.
To submit an application, click here