Law No. 151/2020 Egypt

    Overview

    The Egyptian Personal Data Protection Law, Law No. 151 of 2020, regulates the collection, processing, storage, and transfer of personal data. It applies to all electronic personal data processing, mandating the protection of data belonging to natural persons. The law imposes clear obligations on data controllers and processors and grants specific rights to data subjects. Special provisions govern sensitive personal data, cross-border transfers, and data breaches.

     

    Regulation Summary

    Timeline
    • July 13, 2020: Law No. 151 is enacted.
    • October 14, 2020: Law is published in the Official Gazette.
    • October 2022: Deadline for full compliance.
    What Businesses Are Affected
    • All businesses processing personal data in Egypt, including both public and private entities.
    • Foreign entities processing Egyptian residents’ data, provided they offer goods or services within Egypt.
    • Entities handling sensitive data such as health, financial, and biometric information.
    Exemptions
    • Processing of personal data for personal or household purposes.
    • Government agencies processing data for national security, law enforcement, or judicial purposes.
    • Data processing for media, journalistic, or academic research when conducted in accordance with ethical standards.
    Responsibilities for Businesses
    • Lawful Processing: Data must be collected based on consent or another legal basis.
    • Purpose Limitation: Data must be used for the specific purpose collected.
    • Data Security: Implement appropriate security measures to protect personal data from breaches.
    • Accountability: Businesses must document data processing activities and appoint responsible officers.
    Specific Responsibilities for Website Owners
    • Cookie Consent: Websites must obtain consent before storing non-essential cookies.
    • Privacy Notice: A clear and accessible privacy policy must be displayed.
    • User Rights Portal: Websites must allow individuals to exercise their data rights.
    • Secure Data Transmission: Personal data collected online must be encrypted.
    Additional Requirements
    • Cross-Border Data Transfers: Permitted only if the receiving country provides adequate data protection or appropriate safeguards.
    • Data Protection Officer (DPO): Required for businesses processing large-scale or sensitive data.
    • Impact Assessments: Mandatory for high-risk data processing activities, including profiling and automated decision-making.
    Data Subject Rights
    • Access: Individuals can request copies of their personal data.
    • Rectification: Right to correct inaccurate or incomplete data.
    • Erasure: Right to request deletion of personal data under certain conditions.
    • Portability: Right to obtain and transfer personal data.
    • Objection: Right to refuse data processing for direct marketing or other purposes.
    • Restriction: Right to limit processing in specific circumstances.
    Enforcement
    • Regulatory Body: The Personal Data Protection Center (PDPC) will oversee enforcement once it is established .
    • Fines: Penalties range from 100,000 to 5 million Egyptian pounds (~$3,200 to $160,000 USD).
    • Legal Actions: Violations may result in imprisonment in severe cases.
    illustration of contact means

    Questions?

    If you would like to learn more, our compliance experts are happy to support you.

    Leave us a Message
    support@clym.io
    +1 980 446 8535 +1 866 275 2596