Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View
Contact Us See a demo

What is Egypt’s Data Protection Law

egypt data protection law banner
Published August 9, 2023 / Updated January 7, 2025
Contributors

Anas Baig

Product Marketing Manager at Securiti

Maria Khan

Data Privacy Legal Manager at Securiti

FIP, CIPT, CIPM, CIPP/E

Listen to the content

With emerging technology and the world becoming more digital, countries all over the world are drafting comprehensively data privacy regulations. Joining the global movement, the government of Egypt has passed its first-ever Personal Data Protection Law (PDPL), which is very much in line with the requirements of the global best practice, the EU’s General Data Protection Regulation (GDPR). The PDPL came into effect on 14 October 2020.

The PDPL protects data processed electronically. It applies to both data controllers and processors that process personal data belonging to Egyptian residents, whether or not the organizations are based in Egypt.

egypt dpl dsr

Data subjects’ rights

Under the PDPL, data subjects have the following rights:

What is Egypt’s Data Protection Law

Right to Access

What is Egypt’s Data Protection Law

Right to withdraw consent

Right to delete

What is Egypt’s Data Protection Law

Right to correct and/or update

What is Egypt’s Data Protection Law

Right to limit the processing

What is Egypt’s Data Protection Law

Right to object to processing

What is Egypt’s Data Protection Law

Right to be notified of any breach

Processing principles

Under the PDPL, no personal information can be collected, processed, or disclosed unless there exists a legal basis to do so. Legal basis includes explicit consent of the concerned data subject, the legitimate interest of the data controller or any relevant third-party, performance of a contract, commencement of a legal action, or compliance with a legal obligation. However, where it involves the processing of sensitive personal information, the PDPL requires data controllers to obtain the explicit consent of the concerned data subject even if there is a legitimate interest to process such sensitive personal information.

Obligations of Organizations:

Under the PDPL, organizations have the following responsibilities

What is CCPA

Authorization from the Personal Data Protection Center

For the purposes of enforcement of the law, Egypt will set up the Personal Data Protection Center. All organizations that wish to carry out the processing activities must obtain a license from the Personal Data Protection Center.

What is CCPA

Appointment of the Data Protection Officer

Organizations must appoint a Data Protection Officer, who shall be licensed and approved by the Personal Data Protection Center. The Data Protection Officer shall notify the Personal Data Protection Center of any personal data breach.

What is CCPA

Breach notification requirement

Data controllers and processors must report  any cyber-attacks or personal data breaches to the Personal Data Protection Center as well as to the concerned data subject within 72 hours after having become aware of the breach. Where any personal data breach threatens the national security, companies must report to the relevant authorities and concerned data subjects immediately.

What is CCPA

Cross-border data transfer

Under the PDPL, personal information can be transferred outside Egypt only if the destination country provides equivalent or comparable data protection standards and is authorized by the Personal Data Protection Center. In exceptional cases, the transfer of personal information outside Egypt must take place only after the explicit consent of the concerned data subject, for which certain conditions shall be fulfilled.

What is CCPA

Record of processing activities

Organizations must maintain updated records of their processing activities.

What's Next?

Organizations shall have a grace period of around 21 days to comply with the requirements of the law. A violation of the requirement of the PDPL may result in severe criminal penalties or costly administrative fines. The maximum fine that can be awarded under the law is 5 million Egyptian pounds and imprisonment of up to three year where prison sentences apply.

Egypt's Personal Data Protection Law aims to protect people’s personal information by granting them several rights and protections. Organizations are encouraged to undertake reasonable and appropriate technical measures in line with the requirements introduced by the law.

Privacy ops blue ebook banner

Automating privacy operations across your organization

The multi-disciplinary practice to grow trust-equity of your brand and comply with privacy regulations.

Get the Book

“By leveraging the PrivacyOps constructs from this book across our organization we were able to not only save time and money but also mitigate the risks associated with manual methods of privacy management.”

- Marty Collins, Chief Privacy and Legal Officer, QuinStreet, Inc

Egypt Data Protection Compliance

Automating Compliance

securiti.ai offers an automated solution to enable organizations to comply with the requirements of Egypt’s Personal Data Protection Law, in addition to other applicable privacy regulations, with ease and efficiency. The award-winning solution revolves around the concept of PrivacyOps, which utilizes artificial intelligence and robotic automation to streamline compliance tasks, freeing up crucial resources for other areas of business.

securiti.ai helps organizations discover data over a wide range of internal and external systems, build a People Data Graph to link personal data to each individual, automate data subject requests, assessments, consent management, and more.

To learn how securiti.ai can help your business efficiently implement privacy management, request a demo today.

Frequently Asked Questions (FAQs)

What is the new data protection law in Egypt?

Egypt introduced the Law on the Protection of Personal Data ('the Data Protection Law') issued under Resolution No. 151 of 2020. The law provides data subjects with the right to be informed, right to access, right to rectification, right to erasure, right to object/opt-out, right to data portability, and the right not to be subject to automated decision-making. It also imposes a maximum fine of up to EGP 5 million for violating its provision.

Does GDPR apply to Egypt?

GDPR applies to organizations that process the personal data of individuals within the European Union (EU). Egypt is not part of the EU, so GDPR's direct applicability is limited. However, GDPR might indirectly apply if an Egyptian organization processes the data of EU residents.

Do we have laws regulating IT and cyberspace in Egypt?

Yes, Egypt has regulations related to IT and cyberspace. The "Anti-Cyber and Information Technology Crimes Law" and other legislation govern aspects of online activities, data protection, and cybersecurity within the country.

What is the cybersecurity Law in Egypt?

Egypt's Cybercrime Law No. 175 of 2018 combats cyber threats, while the Personal Data Protection Law No. 151 of 2020 regulates data privacy, ensuring secure online activity and user consent for data processing.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Share
More Stories that May Interest You
View More
July 1, 2025
Data Security & GDPR Compliance: What You Need to Know
Learn the importance of data security in ensuring GDPR compliance. Implement robust data security measures to prevent non-compliance with the GDPR.
How DSPM Streamlines Compliance with GDPR, CCPA/CPRA, HIPAA, and Beyond View More
June 30, 2025
How DSPM Streamlines Compliance with GDPR, CCPA/CPRA, HIPAA, and Beyond
DSPM revolutionizes compliance efforts across organizations. Learn how a robust DSPM tool streamlines compliance with key regulations, including GDPR, CCPA/CPRA, HIPAA, and more.
CPRA & Data Security: How to Stay Compliant View More
June 28, 2025
CPRA & Data Security: How to Stay Compliant
Discover the importance of data security in ensuring CPRA compliance. Implement robust data security measures to prevent non-compliance with the CPRA.
Please enter a minimum of 3 characters to begin your search.
Videos
View More
January 20, 2025
Mitigating OWASP Top 10 for LLM Applications 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
View More
January 15, 2025
Top 6 DSPM Use Cases
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
View More
January 2, 2025
Colorado Privacy Act (CPA)
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
View More
December 24, 2024
Securiti for Copilot in SaaS
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
View More
November 1, 2024
Top 10 Considerations for Safely Using Unstructured Data with GenAI
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
View More
October 29, 2024
Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
View More
August 12, 2024
Navigating CPRA: Key Insights for Businesses
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
View More
June 3, 2024
Navigating the Shift: Transitioning to PCI DSS v4.0
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
View More
January 29, 2024
Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...
AWS Startup Showcase Cybersecurity Governance With Generative AI View More
October 17, 2023
AWS Startup Showcase Cybersecurity Governance With Generative AI
Balancing Innovation and Governance with Generative AI Generative AI has the potential to disrupt all aspects of business, with powerful new capabilities. However, with...

Spotlight Talks

Spotlight 11:29
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Watch Now View
Spotlight 11:18
Rewiring Real Estate Finance — How Walker & Dunlop Is Giving Its $135B Portfolio a Data-First Refresh
Watch Now View
Spotlight 13:38
Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines
Sanofi Thumbnail
Watch Now View
Spotlight 10:35
There’s Been a Material Shift in the Data Center of Gravity
Watch Now View
Spotlight 14:21
AI Governance Is Much More than Technology Risk Mitigation
AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3
You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge
Watch Now View
Spotlight 47:42
Cybersecurity – Where Leaders are Buying, Building, and Partnering
Rehan Jalil
Watch Now View
Spotlight 27:29
Building Safe AI with Databricks and Gencore
Rehan Jalil
Watch Now View
Spotlight 46:02
Building Safe Enterprise AI: A Practical Roadmap
Watch Now View
Spotlight 13:32
Ensuring Solid Governance Is Like Squeezing Jello
Watch Now View
Latest
View More
June 27, 2025
Databricks AI Summit (DAIS) 2025 Wrap Up
5 New Developments in Databricks and How Securiti Customers Benefit Concerns over the risk of leaking sensitive data are currently the number one blocker...
Inside Echoleak View More
June 25, 2025
Inside Echoleak
How Indirect Prompt Injections Exploit the AI Layer and How to Secure Your Data What is Echoleak? Echoleak (CVE-2025-32711) is a vulnerability discovered in...
What Is Data Risk Assessment and How to Perform it? View More
July 3, 2025
What Is Data Risk Assessment and How to Perform it?
Get insights into what is a data risk assessment, its importance and how organizations can conduct data risk assessments.
What is AI Security Posture Management (AI-SPM)? View More
July 2, 2025
What is AI Security Posture Management (AI-SPM)?
AI SPM stands for AI Security Posture Management. It represents a comprehensive approach to ensure the security and integrity of AI systems throughout the...
Beyond DLP: Guide to Modern Data Protection with DSPM View More
June 9, 2025
Beyond DLP: Guide to Modern Data Protection with DSPM
Learn why traditional data security tools fall short in the cloud and AI era. Learn how DSPM helps secure sensitive data and ensure compliance.
Mastering Cookie Consent: Global Compliance & Customer Trust View More
May 28, 2025
Mastering Cookie Consent: Global Compliance & Customer Trust
Discover how to master cookie consent with strategies for global compliance and building customer trust while aligning with key data privacy regulations.
View More
July 2, 2025
Key Amendments to Saudi Arabia PDPL Implementing Regulations
Download the infographic to gain insights into the key amendments to the Saudi Arabia PDPL Implementing Regulations. Learn about proposed changes and key takeaways...
Understanding Data Regulations in Australia’s Telecom Sector View More
June 26, 2025
Understanding Data Regulations in Australia’s Telecom Sector
Gain insights into the key data regulations in Australia’s telecommunication sector. Learn how Securiti helps ensure swift compliance.
Gencore AI and Amazon Bedrock View More
January 7, 2025
Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock
Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...
DSPM Vendor Due Diligence View More
November 18, 2024
DSPM Vendor Due Diligence
DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...
What's
New