KSAPDPL.COM

PDPL Compliance Services

Table of Contents

Saudi PDPL Article 26 – Marketing Use of Personal Data

  • 🕒 1 min read

PDPL Article 26, says that controllers are allowed to use personal data for marketing, but only if:

  • The data is collected directly from the data subject, and

  • The individual has given valid consent under the PDPL.

However, sensitive data (like health, biometric, or religious data) can never be used for marketing, regardless of consent.

The Regulations will specify the controls that must be followed for marketing-related processing.

Saudi PDPL Article 26

Consent-Based Marketing Only

With the exception of Sensitive Data, Personal Data may be processed for marketing purposes, if it is collected directly from the Data Subject and their consent is given in accordance with the provisions of Law; the Regulations shall set out the controls in such regard.

Explanation of Saudi PDPL Article 26

Personal data may be used for marketing only with direct collection and valid consent

Saudi PDPL Article 26 says, controllers may use personal data for marketing only if it was collected directly from the data subject and they gave proper consent. Sensitive data is excluded under all circumstances.

Saudi Personal Data Protection Law Compliance Services (KSA PDPL)

PDPL Compliance Implementation

Achieve PDPL Compliance in 4 weeks or less.

Personal Data Protection Officer As A Service (DPOaaS)

Let us handle your daily PDPL Compliance Operations.

PDPL Compliance Audit (External)

Audit your PDPL compliance obligations.

Scroll to Top