Overview
Standard Contractual Clauses For Personal Data Transfer – Standard Contractual Clauses Templates explains the structure and use of the Standard Contractual Clauses templates for Personal Data transfers outside the Kingdom. It clarifies that the templates include general clauses applicable to all transfers, as well as role-specific clauses depending on whether the parties act as Controllers or Processors.
It also explains the need to select the appropriate template based on the roles of the parties involved in the transfer.
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
Standard Contractual Clauses Templates
The Standard Contractual Clauses templates have been prepared to include general clauses that apply to all contractual situations, as well as other clauses of a specific nature according to the roles of the parties involved. Before implementing the Standard Contractual Clauses, all parties must identify the template that applies to the relevant transfers according to the nature of their roles and delete those that do not apply.
First Template: Controller to Controller: This template applies to transfers of Personal Data outside the Kingdom from one Controller, the Personal Data Exporter, to another Controller, the Personal Data Importer.
Second Template: Controller to Processor: This template applies to transfers of Personal Data outside the Kingdom from a Controller, the Personal Data Exporter, to a Processor, the Personal Data Importer.
Third Template: Processor to Processor: This template applies to transfers of Personal Data outside the Kingdom from a Processor, the Personal Data Exporter, to a Sub-Processor, the Personal Data Importer.
Fourth Template: Processor to Controller: This template applies to transfers of Personal Data outside the Kingdom from a Processor, the Personal Data Exporter, to a Controller, the Personal Data Importer.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
Purpose of the SCC Templates
This provision explains that the Standard Contractual Clauses templates are designed to cover different contractual situations involving Personal Data transfers outside the Kingdom. The templates include both general clauses applicable to all transfers and additional clauses tailored to the specific roles of the parties.
Selection of the Appropriate Template
This provision explains that, before implementing the Standard Contractual Clauses, all parties must identify which template applies based on whether they act as Controllers or Processors in the relevant transfer. Clauses that do not correspond to the parties’ roles must be removed.
Controller to Controller Transfers
This provision explains that the first template applies where Personal Data is transferred outside the Kingdom from one Controller acting as the Personal Data Exporter to another Controller acting as the Personal Data Importer.
Controller to Processor Transfers
This provision explains that the second template applies where Personal Data is transferred outside the Kingdom from a Controller acting as the Personal Data Exporter to a Processor acting as the Personal Data Importer.
Processor to Processor Transfers
This provision explains that the third template applies where Personal Data is transferred outside the Kingdom from a Processor acting as the Personal Data Exporter to a Sub-Processor acting as the Personal Data Importer.
Processor to Controller Transfers
This provision explains that the fourth template applies where Personal Data is transferred outside the Kingdom from a Processor acting as the Personal Data Exporter to a Controller acting as the Personal Data Importer.
