Overview
Personal Data Disclosure Cases Guideline — Introduction explains the cases, conditions, and restrictions governing the disclosure of Personal Data under the Saudi Personal Data Protection Law (PDPL) and its Implementing Regulations. It is issued by the Saudi Data and AI Authority (SDAIA) to help entities understand when Personal Data may be disclosed, the legal boundaries that apply to disclosure, and the regulatory limits that must be respected.
The Guideline supports compliance with the Law by clarifying disclosure obligations while confirming that the Law and Implementing Regulations remain the primary regulatory reference.
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
Introduction
In fulfillment of its mandate to raise awareness among entities subject to the provisions of the Personal Data Protection Law the “Law” and its Implementing Regulations, and to enable those entities to understand their obligations under Articles (15) and (16) of the Law and Article (20) of the Implementing Regulations, the Saudi Data & AI Authority (SDAIA) has issued this Guideline to assist entities in determining the cases and restrictions of personal data disclosure.
This Guideline also provides clarifications regarding the restrictions on personal data disclosure. The terms and phrases used in this Guideline shall be construed in accordance with the definitions provided in the Law and its Implementing Regulations.
This Guideline shall not be considered a binding legal document, nor shall it substitute consulting the Law and its Implementing Regulations, which shall constitute the regulatory reference for all matters related to the application of the Law’s provisions.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
Purpose of Issuance
This Guideline is issued to raise awareness and assist entities subject to the Law in understanding their obligations related specifically to the disclosure of Personal Data.
It focuses on explaining when disclosure is permitted and the restrictions that apply, in line with the relevant Articles of the Law and the Implementing Regulations.
Scope of Clarification
The Guideline provides clarification on disclosure restrictions only. It does not introduce new disclosure cases or expand existing legal bases.
All terminology used is aligned with the definitions established under the Law and its Implementing Regulations.
Legal Status of the Guideline
This Guideline is not legally binding. It does not replace the Law or the Implementing Regulations. For regulatory interpretation and enforcement purposes, the Law and its Implementing Regulations remain the authoritative reference.
