Overview
Guidelines for Binding Common Rules (BCR) for Personal Data Transfer – Cooperation with the Competent Authority addresses cooperation between the Group of Entities and the Competent Authority. It focuses on principles and procedures that support oversight, transparency, responsiveness, and compliance with the Binding Common Rules, the Law, and the Regulations applicable in the Kingdom.
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
Cooperation with the Competent Authority
This section outlines the principles and procedures for cooperation between the Group of Entities and the Competent Authority. It ensures that the Group complies with the requirements set by the Competent Authority, facilitating effective oversight and ensuring adherence to the BCR, laws, and regulations applicable in the Kingdom.
- Cooperation with the Competent Authority: Explain the general principles and obligations of the Group of Entities in cooperating with the Competent Authority. It emphasizes the Group members’ commitment to transparency, responsiveness, and collaboration in all matters related to data protection, including the following:
- Provide a statement affirming the Group’s commitment to cooperate fully with the Competent Authority.
- Identify the designated contact point within the Group who will handle requests from the Competent Authority, and include the roles and contact information.
- Outline the procedures for responding to requests, inquiries, and inspections from the Competent Authority. Specify the timelines for providing information and documentation.
- Describe any regular reporting obligations to the Competent Authority, including the types of reports and content.
- Compliance with the Competent Authority Directives: Describe how the Group and its members will comply with the Competent Authority’s directives regarding the BCR and the processing of Personal Data.
- The Right of the Competent Authority to Follow Up on Compliance: Describe how the Competent Authority can follow up on the Group’s compliance with the BCR and the provisions of the Law and Regulations.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
1. Cooperation with the Competent Authority
This provision explains that the Group of Entities must cooperate with the Competent Authority based on principles of transparency, responsiveness, and collaboration in matters related to data protection. It requires documenting a commitment to full cooperation, identifying a designated contact point, setting procedures for responding to requests and inspections with defined timelines, and describing any regular reporting obligations.
2. Compliance with the Competent Authority Directives
This provision explains that the Group and its members must comply with directives issued by the Competent Authority in relation to the Binding Common Rules and the processing of Personal Data.
3. The Right of the Competent Authority to Follow up on Compliance
This provision explains that the Competent Authority has the right to follow up on the Group’s compliance with the Binding Common Rules and with the provisions of the Law and Regulations.
