Overview
PDPL Implementing Regulation Article 30 sets the conditions for collecting or Processing Personal Data for scientific, research, or statistical purposes without obtaining consent. The Article ensures that Processing for research remains lawful, minimal, and privacy preserving. Controllers must define the research purpose clearly, apply strict minimisation, use pseudonymisation when possible, and avoid any negative impact on Data Subjects.
These safeguards ensure that research activities align with PDPL principles while enabling responsible data use across scientific and statistical domains.
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
Article 30: Collection and Processing of Data for Scientific, Research, or Statistical Purposes
When collecting or Processing Personal Data for scientific, research, or statistical purposes without Data Subject’s consent, the Controller shall commit to the following:
- Clearly and accurately specify the scientific, research, or statistical purposes in the records of Personal Data Processing activities
- Take the necessary measures to ensure that only minimal Personal Data necessary to achieve the specified purposes is collected.
- Pseudonymise Personal Data that is being processed, in cases where this does not impact the achievement of the Processing purpose.
- Take the necessary measures to ensure that the Processing does not have any negative impact on the rights and interests of the Data Subject.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
