Cyber Security & Data Protection (EMEA)
1. Does the platform support Single Sign-On (SSO) and Multi-Factor Authentication (MFA)?
Yes. Single Sign-On (SSO) is fully supported. If you are interested, please reach out to your partnerships manager for cost and implementation details.
SSO implementation aligns with ISO/IEC 27001 standards. Multi-Factor Authentication (MFA) can also be enabled where required; however, SSO alone typically satisfies enterprise security requirements. Additional security configurations can be discussed and implemented as needed.
2. What cyber security certifications does Halo hold?
Halo holds the following certifications:
- Cyber Essentials
- Cyber Essentials Plus
Recertification audits are conducted annually. The most recent audit is underway, and updated certificates will be issued shortly. Halo has maintained continuous certification for several years with no lapses.
In addition:
- Halo is routinely monitored by the UK National Cyber Security Centre (NCSC).
- Monthly early-warning and monitoring checks are conducted, with recent reports showing Green status.
3. Is Halo compliant with the Saudi Personal Data Protection Law (PDPL)?
Yes. Halo is fully compliant with the Saudi Personal Data Protection Law (PDPL), which came into effect on 14 September 2023 with full enforcement from 14 September 2024.
Halo has operated compliantly under PDPL requirements at numerous major events in the Kingdom of Saudi Arabia since the law came into effect.
4. Has Halo operated in Saudi Arabia under PDPL since enforcement began?
Yes. Since PDPL came into effect, Halo has supported multiple high-profile events in Saudi Arabia, including (but not limited to):
- Azimuth Festival (Sept 2023)
- Bruno Mars Concerts (Sept 2023)
- Soundstorm Festival (2023)
- Noor Riyadh (2023–2024)
- Balad Beast Festival (Jan 2024)
- Diriyah E-Prix Concerts (Jan 2024)
- Formula 1 Jeddah After-Race Concerts (Feb–Mar 2024)
- The Saudi Cup (Jan–Mar 2025)
Since beginning operations in the KSA in 2021, Halo has supported over 40 events and locations, including internationally significant events such as Formula One and Soundstorm.
5. How does Halo address PDPL consent requirements?
PDPL requires explicit consent as the primary legal basis for processing personal data.
Halo enables full compliance through:
- Customisable incident forms, allowing consent prompts to be included at the start of any incident workflow.
- Optional data fields for personal information.
- The ability to remove image capture or any sensitive data fields entirely.
- Clear warnings or instructions (e.g., “Do not capture personal data”).
This ensures that consent is obtained appropriately and unnecessary data collection is prevented by design.
6. How does Halo handle data breach notification?
In accordance with PDPL:
- Halo commits to notifying the Saudi Data & AI Authority (SDAIA) of any data breach.
- Notification will occur within 24 hours of discovery, well within the statutory 72-hour requirement.
7. Where is data hosted and how is cross-border transfer handled?
Currently, data is hosted in AWS London in a Tier 5, ISO 27001–certified environment.
Cross-border data transfer is lawful under PDPL provided that:
- National security and vital interests are not impacted.
- Adequate protection is guaranteed.
Halo meets these requirements through:
- AES-256 encryption at rest and in transit.
- No onward transfer beyond AWS London.
- Strong UK data protection laws and governance.
- A proven record of zero data breaches.
Once the AWS Saudi Arabia region becomes available (publicly announced for 2026), Halo will transition hosting to the Kingdom without retaining copies outside KSA.
8. Can data be hosted in Saudi Arabia in the future?
Yes. Halo plans to migrate hosting to Saudi Arabia as soon as the AWS KSA region becomes available (anticipated 2026).
Halo is also:
- Establishing a local KSA entity.
- Employing Saudi nationals.
- Investing in local capability, training, and best practices.
9. What rights do data subjects have and how are they supported?
Data subjects have the right to:
- Access their data
- Request amendments
- Request erasure
These requests can be fulfilled:
- Directly by the client through the Halo Admin interface
- By contacting Halo support
- Via guidance published on Halo’s website
10. What security measures protect the data?
Halo implements comprehensive security controls, including:
- AES-256 encryption (in transit and at rest)
- Role-based access control
- Department-level data separation
- Full audit logging
- AWS ISO 27001 infrastructure
- Continuous monitoring via UK NCSC frameworks
11. Does Halo appoint a Data Protection Officer (DPO)?
Yes. Halo’s CEO acts as the Data Protection Officer, supported by the Senior Leadership Team.
Halo is launching a public Trust Centre powered by Drata, which will provide transparent access to:
- Policies and procedures
- Compliance evidence
- Certifications and audits
Additional certifications (including ISO 27001, SOC 2, penetration testing, and uptime monitoring) will be published shortly.
12. Is Halo insured against cyber and data risks?
Yes. Halo maintains industry-leading insurance coverage, including cyber insurance with high coverage limits.
13. Can the system process sensitive security or national safety incidents?
Yes. Halo can process incidents related to:
- National security
- Public safety
- Terrorism
- Critical infrastructure threats
Incident types, data fields, and workflows are fully configurable. Clients control what data is captured and how it is structured.
Halo has proven experience supporting high-security environments, including use by the British Government during the G7 Summit, supporting diplomatic and protective security operations.
14. Can access be restricted by role or department?
Yes. Halo supports granular access control, including:
- Mobile app users
- Team leaders / multi-agency users
- Web dashboard users
- Administrators
Data can also be segregated by department while still enabling coordinated operational oversight.
15. How does Halo comply with Article 29 of the KSA PDPL?
Halo complies fully with Article 29 by ensuring:
A. No prejudice to national security
- Data capture is client-defined and minimised by design
- Hosting outside KSA is temporary
B. Adequate protection
- AES-256 encryption
- ISO 27001–certified AWS infrastructure
- No onward data transfers
- Strong contractual and legal safeguards
C. Limited transfer
- Data capture can be disabled entirely
- Transfers are geographically restricted to London
- Hosting outside KSA is short-term only
- Full audit logs and governance controls are in place
Halo welcomes audits and provides contractual guarantees to clients.
16. Does Halo have experience complying with global data protection laws?
Yes. Halo complies with data protection regulations across multiple jurisdictions, including:
- Saudi Arabia (PDPL)
- United Kingdom (UK GDPR)
- European Union (GDPR)
- United States
- Canada
- UAE
- Japan
- Argentina
- Singapore
- Malta
…and more than 25 countries globally.