Elaboration and Developing Privacy Policy Guideline — Sixth: Personal Data Sharing says that controllers must inform individuals whether their personal data will be shared with third parties inside or outside the Kingdom, clearly identify those parties, describe the nature of those entities, and explain the reason and frequency of data disclosure.
Sixth: Personal Data Sharing
Disclosure Clarity
1. The Controller shall clarify whether Personal Data or a specific group thereof shall be disclosed to other entities (whether inside or outside the Kingdom) and shall provide the Data Subject with information about the entity(s) to which Personal Data is disclosed, along with a description of such entities.
Recipient Description
2. If there is a need to disclose Personal Data or a specific group thereof, the main purpose of disclosing such data shall be clearly and accurately specified, along with whether it will be disclosed occasionally (one time) or regularly (several times).
Explanation of Sixth: Personal Data Sharing
Identify recipients:
Elaboration and Developing Privacy Policy Guideline — Sixth: Personal Data Sharing requires Controllers to clearly state if and to whom personal data (or parts of it) will be shared, including whether those recipients are inside or outside the Kingdom.
Specify entity type:
Elaboration and Developing Privacy Policy Guideline — Sixth: Personal Data Sharing requires a basic description of the third-party entities receiving the data, helping the Data Subject understand who they are.
Explain why and how often:
Elaboration and Developing Privacy Policy Guideline — Sixth: Personal Data Sharing also requires stating the reason for disclosing the data and indicating whether it is a one-time or recurring disclosure.
