National Data Governance Policies

Version 1 - 5/5/2020
Open Data Policy
5. Open Data Policy
Open data is a subset of public information according to the
classification levels described in the “Data Classification Policy” section.
5.1 Scope
The provisions of this policy shall apply to all (unprotected) public data
and information produced by public entities, regardless of their source, form
or nature. This shall include paper records, emails, information stored on
computers, audio or video cassettes, maps, photographs, manuscripts or
handwritten documents, or any other form of recorded information.
5.2 Main Principles for Open Data
Principle 1: Open by Default
This principle ensures making the data of public entities available for all
through disclosing, providing access to, or using such data, unless its nature
requires non-disclosure or protection of its privacy or confidentiality.
Principle 2: Open Format and Machine-Readable
Data shall be made publicly accessible in a machine-readable format
that allows automated processing. Data shall be stored in widely used file
formats (such as CSV, XLS, JSON, XML).
Principle 3: Up to Date
The latest versions of open datasets shall be regularly published and
made available to the public in a timely fashion. Whenever feasible, data
collected by public entities shall be released as quickly as it is gathered.
Priority shall be given to data whose utility is time sensitive.
Principle 4: Comprehensive
Open datasets shall be as complete and as granular as possible,
reflecting recorded data, in compliance with the Personal Data Privacy Policy.
Metadata that defines and explains raw data shall be included along with
explanations or formulas for how data was extracted or calculated.
Principle 5: Non-discriminatory
Datasets shall be made available for all without discrimination or
requirement for registration. Any person shall be able to access the published
open data at any time without having to identify him or to provide justification
for gaining access thereto.
Principle 6: Free of Charge
Open data shall be made available for all free of charge.
Principle 7: Open Data Licensing in KSA
Open data shall be subject to a license providing the legal basis for
open data usage while defining the conditions, obligations, and restrictions
applicable to the user. Any usage of open data shall indicate acceptance of
the license terms.
Principle 8: Improved Governance and Citizen Engagement
Open data shall enable data access and engagement for all, reinforce
the transparency and accountability of public entities, and support the
process of decision-making and provision of public services.
Principle 9: Inclusive Development and Innovation
Entities shall play an active role in promoting the reuse of open data and
providing the necessary supporting resources and expertise. These entities
shall, in conjunction with the relevant stakeholders, seek to empower a future
generation of open data innovators and engaging individuals, organizations,
and the general public in unlocking the value of open data.
5.3 Public Data Valuation for Defining Open Datasets
The data valuation process to enable the publication of open datasets
at scale passes through several main phases as follows:
Step 1: Identifying Data and Public Information
To assess data value, a public entity shall classify data (in line with the
Data Classification Policy) and shall identify all “publicly” classified datasets
that may be composed of files, tables or specific records in a database, etc.
Afterwards, the benefits, applications, and potential uses for every dataset
shall be defined. It is possible to consider the data domain or sector when
analyzing potential use cases; for example, GIS data can be used to benefit
the health sector. In addition, it is possible to take data sources into
consideration: data collected from users directly; data automatically collected
through recorded events such as electronic transactions; aggregated data, or
data developed from combining data, etc.
Step 2: Assessment of Data Value
After identifying the datasets in the previous step, an analysis shall be
made of the main factors related to data usefulness which play a critical role
in assessing its value, such as data completeness, accuracy, consistency,
timeliness, restrictions, exclusivity, potential risks of publication, or ability to
access and integrate with other data.
Step 3: Identifying Potential Stakeholders
After assessing the data value in the previous step, all potential
stakeholders, whether entities or individuals, shall be identified across the
entire value chain; for example, it is possible to publish consumer trends to
product manufacturers, not only to retail stores. Therefore, it is important to
understand the key drivers for stakeholders, such as generating revenues by
developing data products or services for public benefit such as those
contributing to improving the quality of life.
After the data valuation process is completed, the open data lifecycle
may start as described herebelow.
5.4 General Rules for Open Data
The Open Data Policy shall define general rules and obligations that
public entities are required to comply with throughout the open data lifecycle;
these include:
- Open data planning
- Open data identification
- Open data publishing
- Open data maintenance
- Open data performance tracking.
Open Data Planning
Public entities shall:
1. Appoint an open data and information access officer at the entity’s office
with the primary responsibility to support the planning, execution, and
reporting of the entity’s open data agenda and in compliance with this Policy;
2. Develop an open data plan that shall include the following:
- Key strategic objectives for open data at the entity level;
- Identification and prioritization of the entity’s datasets to be published
on the National Open Data Portal;
- Open data key performance indicators (KPIs) and targets for the entity;
- Prioritization methodology and criteria;
- Training needs related to open data; and
- Timelines for open data publication and maintenance.
3. Develop and document the processes required throughout the open data
lifecycle, including, but not limited to:
- Processes to identify public datasets to be published by the public
entity;
- Processes to validate and systematically review the compliance of
open data with the requirements for information security, personal data
privacy, and data quality and to immediately address any identified
concerns;
- Processes to ensure that datasets are published and maintained to
their appropriate format, timeliness, comprehensiveness, and overall
high quality and ensure the exclusion of any restricted data; and
- Processes for gathering feedback, analyzing performance at the entity
level, and improving the overall national impact of open data.
4. Ensure that the open data plan is periodically reviewed and maintained;
5. Submit an annual report to NDMO on the open data plan and the progress
achieved towards the open data targets as defined in the plan;
6. Conduct training courses related to open data with the support of NDMO
or in coordination therewith;
7. Launch awareness-raising campaigns to ensure that potential users are
aware of the availability, nature, and quality of the open data published by the
entity.
Open Data Identification
Public entities shall:
1. Regularly identify all data classified as “Public” and evaluate the priority for
publication as open data of each dataset identified;
2. Assess the value and priority for publication of a dataset immediately upon
receiving a request for publication, or whenever a previously restricted
dataset is declassified as Restricted and reclassified as public;
3. Record and publish the metadata for the identified open datasets;
4. Consider whether the combination of any publicly available datasets would
result in raising the data classification level to protected data, as per the
guidelines issued by NDMO in this respect.
Open Data Publishing
Public entities shall:
1. Publish their open datasets on the official National Open Data Portal;
2. Ensure that data is published in discoverable, well-structured, machine-
readable, non-proprietary, standardized data formats, including, but not
limited to: CSV, JSON, XML, and RDF. The dataset files shall be
accompanied by documentation related to the format and instructions on
how to use them; and
3. Provide data in multiple formats whenever possible.
Open Data Maintenance
Public entities shall:
1. Ensure that all published open datasets are updated regularly as per the
frequency mechanism defined in the metadata;
2. Perform continuous review of the published open datasets to ensure that
they meet defined regulatory requirements;
3. Ensure that metadata is updated and maintained, especially whenever the
data elements of the published open datasets change;
4. Maintain data traceability by documenting data sources and maintaining
dataset version history;
5. Publish open datasets, along with defining and documenting quality-
related restrictions in the Metadata.
Open Data Performance Tracking
Public entities shall:
1. Analyze the demand and usage of open data to understand public demand
and reprioritize datasets accordingly;
2. Collect, analyze and timely respond to users’ requests received directly or
through the National Open Data Portal for the publishing of additional
datasets.
5.5 Roles and Responsibilities
The Open Data Policy shall define the following roles and
responsibilities both at the national and entity levels.

At the National Level

1. NDMO
NDMO, in its capacity as responsible for overseeing open data
initiatives in the Kingdom, shall coordinate all open data initiatives and
activities at the national level. It shall determine the strategic orientation of
open data in the Kingdom and shall develop the national regulations,
standards, and procedures to ensure that open data is effectively managed
and published across the Kingdom and that it achieves the intended targets.

As such, NDMO’s responsibilities shall include:

§ Prepare and review the Open Data Policy: Draft and update this
Open Data Policy and revise it on a periodical basis to consider the
potential changes affecting the open data lifecycle.
 § Develop a plan for adopting the Open Data Policy: Provide
continuous guidance to public entities to enable the approval and
implementation of this Policy.
§ Open data Consultations: Support public entities to comply with this
Policy and answer any queries related to determining, updating and
publishing Open data.
§ Measurement of Compliance with Open Data Requirements:
Measure the compliance of entities on a periodic basis pursuant to the
defined compliance mechanism (For further details, please refer to the
“Compliance” section) and verify open data initiatives and activities
when required.
§ Open Data Education and Awareness: Launch and monitor
communication and training initiatives to raise awareness of open data
and approve same at the national level.
§ Open Data Consolidation: Review the list of available open datasets at
the national level and prepare a list of such datasets to indicate their
progress.
§ Open Data Performance: Analyze open data usage and impact at the
national level, and create improvement opportunities to be
communicated to the relevant stakeholders.
§ Preparation and Review of Open Data Licensing: A license that
allows users to share, modify and use open data.

2. National Information Center (NIC)

The National Information Center (NIC) serves as the technical operator
of the National Open Data Portal, including the design, building, operation
and maintenance of the platform.
As such, NIC’s responsibilities shall include:
§ Develop, Manage and Operate the National Open Data Portal:
Design, build, and maintain the National Open Data Portal to ensure
that entities can publish, manage, and update their open datasets.
§ Authorize Portal Participation and Prepare Manuals: Authorize
public entities and ensure that they have appropriate access to the
National Open Data Portal, as well as prepare operational and technical
guidelines for publishing and updating open data on the National Open
Data Portal.
§ Record Portal Usage Statistics: Capture usage trends and statistics
for the published open data and provide same to NDMO and public
entities.
At the Entity Level
All public entities shall have the primary responsibility for ensuring that
their open data is published in compliance with the Open data Policy. As
such, these entities shall appoint individuals to be responsible for carrying out
the open data activities as outlined below.
The main responsibility for the open data activities within the entity shall
lie with both the Director of the Entity’s Office and the Open Data and
Information Access Officer (ODIAO).
Head of the Entity: The Head of the Entity – or his designee – shall be held
accountable for the open data practices within the entity, and his
responsibilities shall include:
§ Approval of Open Data Plan: Approve and oversee the implementation
of the entity’s open data plan.
 § Assignment of Open Data Roles: Assign the different roles related to
open data.
§ Approval of Open Data Annual Report: Approve the open data annual
report prepared by the Director of the Entity’s Office.
Director of the Entity’s Office: He shall be deemed as the strategic lead of
the open data operations; his duties and responsibilities shall include the
following:
§ Open Data Strategic Planning: Oversee the development of the open
data plan and submit same to the head of the entity, as well as review
open data performance to identify and employ improvement
opportunities in the open data plan.
§ Open Data Supervision: Review the open data identification and
prioritization activities, approve open data publication, and ensure open
data maintenance activities are being performed.
§ Open Data Compliance: Ensure the compliance of the entity’s open
data activities with the national data policies, including, but not limited
to, data classification, protection of personal data privacy, and freedom
of information.
§ Coordination with NDMO: The Director of the Entity’s Office shall
serve as the first point of contact between the entity and NDMO vis-à-
vis open data. He shall resolve any pending issues related to open data
within the entity and shall refer such issues to NDMO whenever
necessary.
Open Data and Information Access Officer (ODIAO). He shall be is the
operational lead of open data within the entity; his duties and responsibilities
shall include the following:
 § Open Data Planning: Develop the open data plan, including the open
data prioritization methodology, and set targets and KPIs to be agreed
on with the Director of the Entity’s Office and the Head of the Entity.
§ Open Data Management: Manage open data activities within the
entity, particularly the following:
- Identification of open data;
- Prioritization of dataset publication;
- Preparation of datasets for publication and documentation of
metadata;
- Publication of open datasets on the National Open Data Portal; and
- Updating and maintaining published datasets, and reviewing their
quality.
§ Collection of Open Data Requests: Review open data feedback
relevant to the entity and record and analyze requests to publish
specific data as open.
§ Open Data Education and Awareness: Educate and raise the
awareness of the entity’s employees with regard to open data and
support national awareness-raising campaigns, in coordination with the
Director of the Entity’s Office.
§ Coordination with NDMO (at a secondary level): He shall serve as the
secondary point of contact between the entity and NDMO.
Business Data Executive: The Business Data Executive shall undertake the
following responsibilities:
§ Endorse the Open Data Plan: Contribute to the development of the
open data plan and manage the teams in charge of plan
implementation, in coordination with the ODIAO.
 § Open Data Prioritization: Advise the ODIAO on the value of public
datasets and the investments required to publish and update same.
§ Review and Approval of Datasets: Review and approve datasets to
ensure that they meet the specifications prescribed in the Regulations
in terms of quality and completeness, and document metadata before
its submission for publication.
Business Data Steward: The Business Data Steward shall be considered a
member of the Business Data Executive’s team responsible for:
§ Identification of Open Datasets: The Business Data Steward shall
systematically review and identify the data created and processed by
his department and shall classify such as public data where necessary.
§ Preparation of Open Datasets: Prepare the open datasets to be
published to meet the specifications prescribed in the Regulations in
terms of quality, completeness, and document metadata before its
submission for publication.
§ Maintenance of Open Datasets: Update and maintain published open
datasets and related metadata.

5.6 Compliance
NDMO, in its capacity as the national regulator of data, shall monitor
compliance with the Open Data Policy with the support of the Regulatory
Authorities.
Compliance Terms
1. All public entities shall abide by the Open Data Policy and shall submit an
annual report to NDMO including, but not limited to, the following:
- The level of progress and achievement realized by the entity as per its
defined plan;
 - The targets and KPIs set in the open data plan;
- The number of open datasets identified; and
- The number of open datasets published.
2. The Regulatory Authorities shall – in coordination with NDMO – develop the
mechanisms, procedures, and controls required to resolve open data
disputes pursuant to a specified timeframe and in accordance with the
organizational hierarchy.
3. NDMO shall review the annual reports submitted by public entities with
regard to their general compliance with the Open Data Policy and shall share
such reports with the relevant entities.
4. NDMO shall conduct periodic or ad-hoc audits to ensure the compliance of
any public entity and shall review the decisions to publish or refuse to publish
data to conduct any required procedure in this respect.
Response to Cases of Non-compliance
When addressing cases of non-compliance, NDMO shall adopt a
gradual approach to analyze the reasons for non-compliance and the severe
impacts and risks resulting therefrom. Accordingly, NDMO shall respond to
such cases in light of the three following levels:
§ Awareness-Raising: NDMO shall focus on awareness-raising when
dealing with accidental or non-intentional cases of non-compliance with
minor negative impacts.
§ Co-operation: NDMO shall co-operate with the public entity to prevent,
deter, or address non-compliance cases with moderate negative
impacts resulting from negligence or non-conformity with the provisions
and rules of this Policy.
§ Direct Intervention: NDMO shall investigate ongoing, recurring or
intentional non-compliance cases or those with severe negative impacts
and shall make the necessary decisions that are commensurate with the
size and nature of such negative impacts.