Standard Contractual Clauses For Personal Data Transfer – Definitions clarify what key terms mean within the context of the SCCs. These definitions establish a shared understanding between parties relying on the clauses, particularly when dealing with international data transfers. It ensures there’s no ambiguity in terms like “Appropriate Safeguards,” “International Organization,” or “Third-Party Data Transfers,” all of which have specific meanings under Saudi PDPL and the Transfer Regulation.
In this document, unless explicitly stated otherwise, the following terms shall have the meanings assigned to each of them below:
Standard Contractual Clauses For Personal Data Transfer – Definitions
The Kingdom
The Kingdom of Saudi Arabia (KSA)
The Law
The Personal Data Protection Law (PDPL) issued by Royal Decree No. (M/19) dated 9/2/1443 AH and amended by Royal Decree No. (M/148) dated 5/9/1444 AH.
Regulations
The Implementing Regulations of the Law “Includes both of the implementing Regulations and the implementing Regulation for Personal Data Transfer outside the Kingdom.”
The Competent Authority
Saudi Data & AI Authority (SDAIA)
Appropriate Safeguards
The requirements imposed by the competent authority on controllers, which include adherence to the Law and Regulations when transferring or disclosing personal data to entities outside the Kingdom. This applies in cases where exemptions are granted from the conditions for providing an appropriate or minimum level of personal data protection, to ensure appropriate level of protection when transferring personal data outside the Kingdom that meets at least the standards prescribed by the Law and Regulations.
Standard Contractual Clauses
Mandatory provisions governing the transfer of personal data outside the Kingdom that ensure appropriate level of protection for such data not less than the standard prescribed by the Law and Regulations. These provisions are in accordance with a standard form issued by the competent authority.
International Organization
A legal body comprising members from at least three countries, operating in multiple sovereign states, established through a formal legal document such as a treaty or agreement based on international law, and this legal document defines the aims and objectives of the international organization and its structures, decision-making powers and jurisdiction. (e.g. the United Nations, the World Bank, the League of Arab States, the Arab Monetary Fund). These organizations engage in international activities and must comply with various Personal Data protection laws across different jurisdictions.
Transfer of Personal Data
Transfer, disclosure (or granting of access) of Personal Data from the Kingdom of Saudi Arabia to Controllers, Processors, or other recipients in countries or international organizations other than the Kingdom of Saudi Arabia where neither the Personal Data Exporter nor the Importer of the Personal Data. Third-Party Data Transfers/Subsequent Transfers: The transfer of Personal Data from an external country or international organization to Controllers or Processors within the same country/organization or in another country/organization.
