Guidelines for Binding Common Rules (BCR) for Personal Data Transfer – Geographical Scope of Binding Common Rules outlines that the BCRs apply whenever a data controller in Saudi Arabia transfers personal data to any country or international organization outside the Kingdom. The scope is not limited to specific jurisdictions—it applies universally to all cross-border data transfers initiated from within Saudi Arabia.
Geographical Scope of Binding Common Rules
The geographical scope of the Binding Common Rules includes all Personal Data transfers made by Controllers located within the Kingdom to any country/ organization outside the Kingdom.
Explanation of Geographical Scope of Binding Common Rules
Covers data sent abroad from Saudi Arabia:
Guidelines for Binding Common Rules (BCR) for Personal Data Transfer – Geographical Scope of Binding Common Rules says that this Guideline applies to all personal data transfers initiated by controllers located in the Kingdom.
Applies to all countries and international organizations:
Guidelines for Binding Common Rules (BCR) for Personal Data Transfer – Geographical Scope of Binding Common Rules also says that the scope is not limited to specific destinations—it includes any outside the Kingdom.
Triggered by controller’s location in Saudi Arabia:
Guidelines for Binding Common Rules (BCR) for Personal Data Transfer – Geographical Scope of Binding Common Rules also says that Controllers in Saudi Arabia are subject to these rules regardless of the destination country.
