What is Egypt’s Data Protection Law

With emerging technology and the world becoming more digital, countries all over the world are drafting comprehensively data privacy regulations. Joining the global movement, the government of Egypt has passed its first-ever Personal Data Protection Law (PDPL), which is very much in line with the requirements of the global best practice, the EU’s General Data Protection Regulation (GDPR). The PDPL came into effect on 14 October 2020.

The PDPL protects data processed electronically. It applies to both data controllers and processors that process personal data belonging to Egyptian residents, whether or not the organizations are based in Egypt.

Processing principles

Under the PDPL, no personal information can be collected, processed, or disclosed unless there exists a legal basis to do so. Legal basis includes explicit consent of the concerned data subject, the legitimate interest of the data controller or any relevant third-party, performance of a contract, commencement of a legal action, or compliance with a legal obligation. However, where it involves the processing of sensitive personal information, the PDPL requires data controllers to obtain the explicit consent of the concerned data subject even if there is a legitimate interest to process such sensitive personal information.

What's Next?

Organizations shall have a grace period of around 21 days to comply with the requirements of the law. A violation of the requirement of the PDPL may result in severe criminal penalties or costly administrative fines. The maximum fine that can be awarded under the law is 5 million Egyptian pounds and imprisonment of up to three year where prison sentences apply.

Egypt's Personal Data Protection Law aims to protect people’s personal information by granting them several rights and protections. Organizations are encouraged to undertake reasonable and appropriate technical measures in line with the requirements introduced by the law.