Overview
Personal Data Disclosure Cases Guideline – General Guidelines sets out general requirements that apply to all Personal Data disclosure activities. It focuses on record-keeping of disclosure activities and compliance with cross-border personal data transfer requirements where disclosure involves entities outside the Kingdom.
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
General Guidelines
- The Controller shall include personal data disclosure activities in the personal data processing activities records, as well as document their dates, methods, and purposes.
- The Controller shall comply with the requirements for transferring personal data outside the Kingdom when disclosing personal data in accordance with the requirements and circumstances stipulated in the Law and Regulations.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
Documentation of Disclosure Activities
This guideline requires the Controller to record Personal Data disclosure activities within the personal data processing activities records. The documentation must include the dates of disclosure, the methods used, and the purposes for which the Personal Data was disclosed.
Compliance with Cross-Border Transfer Requirements
This guideline requires the Controller to comply with the requirements governing the transfer of Personal Data outside the Kingdom when disclosure involves such transfers. Compliance must be in accordance with the requirements and circumstances set out in the Law and the Regulations.
