KSAPDPL.COM

PDPL Compliance Services

Table of Contents

Saudi PDPL Article 6 – Consent Exceptions for Processing

  • 🕒 2 min read

PDPL Article 6 explains the specific situations where personal data can be processed without needing the individual’s consent, as long as certain conditions are met.

These exceptions are allowed because requiring consent in these situations might be unreasonable, unnecessary, or conflict with other legal obligations.

In the following cases, Processing of Personal Data shall not be subject to the consent referred to in Paragraph (1) of Article (5) herein:

Saudi PDPL Article 6 (1)

Consent Not Required, If

The Processing serves actual interests of the Data Subject, but communicating with the Data Subject is impossible or difficult.

Saudi PDPL Article 6 (2)

Consent Not Required, If​

The Processing is pursuant to another law or in implementation of a previous agreement to which the Data Subject is a party.

Saudi PDPL Article 6 (3)

Consent Not Required, If​

The Controller is a Public Entity and the Processing is required for security purposes or to satisfy judicial requirements.

Saudi PDPL Article 6 (4)

Consent Not Required, If​

The Processing is necessary for the purpose of legitimate interest of the Controller, without prejudice to the rights and interests of the Data Subject, and provided that no Sensitive Data is to be processed. Related provisions and controls are set out in the Regulations.

Explanation of Saudi PDPL Article 6

Consent not needed if contact is impossible:

Saudi PDPL Article 6 (1) says that, consent is not needed if it’s in the best interest of the individual, but you can’t reach them (e.g., emergency medical care).

Consent not needed if it's required by law or existing agreement:

Saudi PDPL Article 6 (2) says that, consent is not needed if it’s required by another law or a contract the data subject has already agreed to.

Consent not needed if it's Permitted for security or judicial purposes:

Saudi PDPL Article 6 (3) says that, consent is not needed if the controller is a public entity, and the processing is needed for security or legal reasons.

Consent not needed if it's balanced and no sensitive data involved:

Saudi PDPL Article 6 (4) says that, consent is not needed if it serves the legitimate interest of the controller, as long as:

  • It doesn’t harm the rights of the data subject
  • No sensitive data is involved
  • The Regulations define controls for this

Saudi Personal Data Protection Law Compliance Services (KSA PDPL)

PDPL Compliance Implementation

Achieve PDPL Compliance in 4 weeks or less.

Personal Data Protection Officer As A Service (DPOaaS)

Let us handle your daily PDPL Compliance Operations.

PDPL Compliance Audit (External)

Audit your PDPL compliance obligations.

Scroll to Top