saudi-pdpl.com

Search Bar with Scrollable Suggestions

SAUDI PDPL

BLOG

Menu

FAQ

Table of Contents

Article 1

Article 2

Article 3

Article 4

Article 5

Article 6

Article 7

Article 8

Article 9

Article 10

Article 11

Article 12

Article 13

Article 14

Article 15

Article 16

Article 17

Article 18

Article 19

Article 20

Article 21

Article 22

Article 23

Article 24

Article 25

Article 26

Article 27

Article 28

Article 29

Article 30

Article 31

Article 32

Article 33

Article 34

Article 35

Article 36

Article 37

Article 38

Article 39

Article 40

Article 41

Article 42

Article 43

Article 29

  1. Subject to the provisions of Paragraph (2) of this Article, a Controller may Transfer Personal Data outside the Kingdom or disclose it to a party outside the Kingdom, in order to achieve any of the following purposes:

    A. If this is relating to performing an obligation under an agreement, to which the Kingdom is a party.

    B. If it is to serve the interests of the Kingdom.

    C. If this is to the performance of an obligation to which the Data Subject is a party.

    D. If this is to fulfill other purposes as set out in the Regulations.

  2. The conditions that must be met when there is a Transfer or Disclosure of Personal Data, according to what is stated in Paragraph (1) of this Article, are as follows:

    A. The Transfer or Disclosure shall not cause any prejudice to national security or the vital interests of the Kingdom.

    B. There is an adequate level of protection for Personal Data outside the Kingdom. Such level of protection shall be at least equivalent to the level of protection guaranteed by the Law and Regulations, according to the results of an assessment conducted by the Competent Authority in coordination with
    whomever it deems appropriate from the other relevant authorities.

    C. The Transfer or Disclosure shall be limited to the minimum amount of Personal Data needed.

  3. Paragraph (2) of this Article shall not apply to cases of extreme necessity to preserve the life or vital interests of the Data Subject or to prevent, examine or treat disease.

  4. The Regulations shall set out the provisions, criteria and procedures related to the implementing this Article, including applicable exceptions for Controllers regarding conditions referred to in Subparagraphs (b) and (c) of Paragraph (2) of this Article, as well as controls and procedures for such exemptions.
Article 28
Article 30
Scroll to Top