Practices
Sectors
Country Groups
Find a Lawyer

Book an appointment with us, or search the directory to find the right lawyer for you directly through the app.

Find out more

Legal Leaders in MENA

As we witness the evolution of the regulatory landscape across the MENA region, it was timely for us to investigate and lift the lid, on what is keeping the region’s legal decision-makers awake at night.

Our first-of-its-kind report titled Legal Leaders in MENA is out now! It captures the views of 700 legal decision-makers across nine countries and 13 industry sectors in MENA, as well as in-depth interviews with experts from key sectors such as financial services and education to name a few, which revealed the emerging risks and priorities challenging the legal sector across the region. 

Read the full report and share your feedback with us at legalleaders@tamimi.com.

Read the full report

The leading law firm in the Middle East & North Africa region.

A complete spectrum of legal services across jurisdictions in the Middle East & North Africa.

Today's news and tomorrow's trends from around the region.

17 offices across the Middle East & North Africa.

Cancel
Find out more

Our Firm Back

Our Services Back

Our Knowledge Back

Our Offices Back

Published: Jul 21, 2020

Egypt passes new Personal Data Protection Law

Egypt’s Personal Data Protection Law was passed on 13 July 2020 and published on 15 July 2020. It will come into force on 14 October 2020, and the Executive Regulations are expected by 14 April 2021.

The Personal Data Protection Law introduces a variety of compliance requirements, as well as some significant criminal penalties.

The Personal Data Protection Law defines “Personal Data” as any data related to an identified natural person, or to a natural person identifiable, directly or indirectly, by reference to any other data, such as name, voice, picture, identification number, online identifier, or any data that identifies psychological, health, economic, cultural or social identity. “Sensitive Personal Data” is defined as Personal Data that discloses psychological, mental, physical or genetic health, biometric data, financial data, religious beliefs, political opinions or security situation; and Personal Data relating to children is deemed to be Sensitive Personal Data.

The Personal Data Protection Law prohibits the processing of personal data except with the consent of the data subject, or where otherwise permitted by law.

Data subjects have various rights under the Personal Data Protection Law. These include:

  • The right to know what personal data is being processed by whom, and to access the same;
  • The right to withdraw consent in respect of processing personal data;
  • The right to correct, modify, delete, add or update his or her personal data;
  • The right to limit processing of his or her personal data within a limited scope; and
  • The right to be notified of any personal data breach involving his or her personal data.

The Personal Data Protection Law contemplates that entities processing personal data will be required to appoint a Data Protection Officer. Further details as to this requirement can be expected in the Executive Regulations.

Subject to certain exceptions, the Personal Data Protection Law contains a general prohibition on the transfer of personal data to recipients located outside Egypt except with the permission of the (yet to be established) Egyptian Data Protection Centre and where the level of protection provided is not less than that provided in Egypt pursuant to the Personal Data Protection Law. The Executive Regulations will specify the policies, standards, guidelines, and rules necessary for transferring personal data across borders.

The Personal Data Protection Law provides specific requirements applicable to digital marketing.

The Personal Data Protection Law provides for a variety of criminal offences, with a range of penalties – including fines and imprisonment. These include:

  • Collecting, processing, disclosing, providing access to, or circulating personal data, by any means, other than with the consent of the data subject, or as otherwise permitted by law;
  • Processing personal data other than in accordance with the personal data protection law;
  • Preventing a data subject from exercising rights granted pursuant to the Personal Data Protection Law;
  • Failure of a data controller or data processor to comply with specific obligations, and notification/reporting requirements, as specified in the Personal Data Protection Law;
  • Failure to appoint a Data Protection Officer, or to provide the same with essential requirements to perform duties;
  • Failure of a Data Protection Officer to perform duties as specified in the Personal Data Protection Law;
  • Transferring personal data other than in accordance with the Personal Data Protection Law; and
  • Failure to comply with digital marketing requirements pursuant to the Personal Data Protection Law.

Corporate clients processing personal data in Egypt, or outside Egypt in respect of individuals in Egypt, should familiarise themselves with the requirements and ensure compliance as soon as possible.

 

For further information or to discuss Egypt’s new Personal Data Protection Law in more detail, please contact:

Ayman Nour
Partner, Head of Office – Egypt
Corporate Structuring
a.nour@tamimi.com

Nick O’Connell
Partner & Head of TMT – KSA
n.oconnell@tamimi.com

Related Insights

banner-02
Issuance of Egypt’s FinTech Law
banner-02
An overview of Saudi Arabia’s new Personal Data Protection Law
banner-02
Data Protection in Jordan: An Overview of the Current and Future Framework

by Khaled Saqqaf / Dana Abduljaleel

banner-02
Foreword | Technology, Media and Telecommunications

by Samer Qudah

banner-02
Technology, media, telecoms: past, present, and future

by Nick O’Connell

banner-02
Bahrain Data Protection- Proposed Regulation of ‘Technical and Organisational Measures’

by Andrew Fawcett