Overview
Guidelines for Binding Common Rules (BCR) for Personal Data Transfer – Details of the Entity Implementing the BCR (First Section) specifies the information that must be documented about the entity within the Group of Entities that is responsible for implementing the Binding Common Rules. It focuses on identifying the Group, the responsible entity in the Kingdom, its legal and registration details, its position within the Group, responsible personnel, contact points, and supporting documentation.
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
FIRST SECTION
This section should be used to document details about the entity within the Group of Entities that is implementing the Binding Common Rules (BCR)
- Name of the Group: Provide the official name of the Group of Entities, for example: ""**** Group".
- Address of the Headquarters of the Group: Specify the complete address of the main headquarters of the Group of Entities, for example: "123 Main Street, Riyadh, Saudi Arabia".
- Name of the Entity: State the name of the entity within the Kingdom of Saudi Arabia responsible for the BCR, according to the commercial registration number of that entity, and confirm that such entity has the financial capability to provide compensation s for any liabilities under the BCR, for example: ""**** Company"
- Legal Form of the Entity: Indicate the legal form of the entity, for example: "Corporation"
- Commercial Registration Number of the Entity: Provide the commercial registration number assigned to the entity by the relevant Saudi Arabian authority, for example: ""123****"
- Address of the Entity in the KSA: Enter the full address of the entity within the Kingdom of Saudi Arabia, for example: 45457 Industrial Zone, Jeddah, Saudi Arabia".
- Registration Number of the Entity at the Competent Authority: Provide the registration number assigned by the Competent Authority if available, for example: "987754321"
- Business Sector of the Entity: Specify the business sector in which the entity operates, for example: "Information Technology"
- Name, Address, and Commercial Registration Number of All Entities of the Group Inside the Kingdom: List all entities within the Group located in Saudi Arabia, along with their addresses and commercial registration numbers, for example: Riyadh, 789 Commerce St, Riyadh, CR No. 112233", Jeddah, 45 7 Trade Rd, Jeddah, CR No. 44***"
- Position of the Entity Within the Group: Describe the role or position of the entity within the Group of Entities structure worldwide, for example: "Regional Headquarters for the Middle East".
- Name and Position of (the Person in Charge of the BCR): Provide the full name and job title of the individual responsible for managing the BCR, for example: Abdulrahman Personal Data Protection Officer".
- Contact Details of Person (Point of Contact) ( Email, Phone Number): Enter the contact details for the point of contact, including their address, email, and phone number, for example: "789 Compliance Blvd, Riyadh, Saudi Arabia, Abdulrahman @exampl e.com, +966 000 000***".
- Name, Title, and Full Contact Details of Any Representative(s) Instructed to Act on Behalf of the Entity: Provide the details of any external legal or advisory professionals assisting with the BCR documentation, if any, for example Amal Senior Counsel, Legal Advisors, Amal @example.com +966 000 00****
- Additional Documents to Be Provided as an Annex: Include a detailed chart illustrating the organizational structure and geographical location of all Group members bound by the BCR.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
Identification of the Group and Headquarters
This requirement explains that the official name of the Group of Entities and the complete address of its main headquarters must be documented to clearly identify the Group implementing the Binding Common Rules.
Identification of the Responsible Entity in the Kingdom
This requirement explains that the entity within the Kingdom of Saudi Arabia responsible for the BCR must be identified by its official name and commercial registration, and that this entity must confirm its financial capability to provide compensation for liabilities under the BCR.
Legal and Registration Information
This requirement explains that the legal form, commercial registration number, address in the Kingdom, and registration number at the Competent Authority, if available, must be documented for the responsible entity.
Business Sector and Group Presence in the Kingdom
This requirement explains that the business sector of the entity must be specified and that all Group entities located inside the Kingdom must be listed with their names, addresses, and commercial registration numbers.
Position Within the Group Structure
This requirement explains that the role or position of the responsible entity within the worldwide Group structure must be described.
Responsible Person and Contact Information
This requirement explains that the name and position of the person in charge of the BCR must be provided, along with full contact details for the designated point of contact.
Representatives Acting on Behalf of the Entity
This requirement explains that details of any representatives instructed to act on behalf of the entity must be documented, including their names, titles, and contact information.
Supporting Annex Documentation
This requirement explains that an annex must be included containing a detailed chart showing the organizational structure and geographical location of all Group members bound by the Binding Common Rules.
