Privacy Law in Egypt
Egypt's Personal Data Protection Law No. 151 of 2020 (PDPL), effective since October 14, 2020, is the country's first comprehensive legislation governing the collection, processing, and transfer of personal data. Modeled after the European Union's General Data Protection Regulation (GDPR), the PDPL introduces significant obligations for organizations and rights for individuals.
Key Provisions of Egypt's PDPL
1. Legal Basis for Data Processing
Processing personal data is lawful only if:
The data subject's explicit consent is obtained.
Processing is necessary for fulfilling contractual obligations.
Compliance with legal obligations is required.
Processing is essential for the protection of vital interests.
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Processing is necessary for legitimate interests pursued by the data controller or a third party, provided these interests are not overridden by the data subject's rights and freedoms.
2. Rights of Data Subjects
Individuals have the right to:
Access their personal data.
Rectify inaccurate or incomplete data.
Erase their data under certain conditions.
Restrict or object to processing.
Be informed about data breaches.
Withdraw consent at any time.
3. Sensitive Personal Data
Categories of sensitive data include:
Health information.
Biometric data.
Financial data.
Religious beliefs.
Political opinions.
Criminal records.
Children's data.
Processing such data requires explicit consent or a valid legal basis.
4. Cross-Border Data Transfers
Personal data can only be transferred outside Egypt if:
The destination country ensures an adequate level of data protection.
The data subject has provided explicit consent.
The transfer is necessary for the performance of a contract.
Transfers to countries without adequate protection require prior approval from the Egyptian Data Protection Center (EDPC).
5. Data Protection Officer (DPO)
Organizations must appoint a licensed DPO who is responsible for:
Ensuring compliance with the PDPL.
Monitoring data processing activities.
Reporting data breaches to the EDPC.
Failure to appoint a DPO can result in fines ranging from EGP 100,000 to EGP 1 million.
6. Breach Notification
Organizations must notify the EDPC and affected individuals within 72 hours of becoming aware of a data breach. If the breach involves national security concerns, immediate notification is required.
7. Penalties for Non-Compliance
Violations of the PDPL can result in:
Fines up to EGP 5 million.
Imprisonment for up to three years.
Suspension or closure of the organization.
Managers may also be held liable for violations committed by their organization.
Compliance Checklist for Organizations
To comply with the PDPL, organizations should:
Appoint a licensed Data Protection Officer.
Obtain consent from data subjects before processing their data.
Implement data protection policies and procedures.
Ensure security measures are in place to protect personal data.
Maintain records of data processing activities.
Establish procedures for handling data breaches.
Review and update data processing agreements with third parties.