Egypt Data Protection

On July 17, 2020 Egypt promulgated its Data Protection Law (law no. 151 of 2020). The law follows some of the provisions of the EU’s General Data Protection Regulation (GDPR). It governs the handling and management of all personal data, except that is handled by the Central Bank of Egypt and all the entities under its supervision.

The law will become effective on October 15, 2020. The Government of Egypt (GOE) has given a grace period of 21 months from the date of issuance for companies to abide by the law. Each company must assign a data protection officer or else pay a fine of 2 million Egyptian Pounds (around $125 thousand).

The law imposes licensing requirements for data processing, data control, handling of sensitive data, electronic marketing, and cross-border transfer of data.

The law provides severe fines for violations of its various provisions. It applies to any data controller and/or processor who is: an Egyptian national inside or outside of Egypt, foreign national living inside Egypt, foreigner residing outside of Egypt, provided that the violation is punishable in the country where the violation occurred and the data belongs to Egyptians or foreigners residing in Egypt.

The Data Protection Law imposes several sanctions and determined that four acts will lead to imprisonment. They are:

• Breach of the conditions for cross border data transmission
• Dealing with sensitive data without the clear written consent of the owner of the data or breach of the relevant provisions of the law
• Breaking the provisions of the law by any data processor or controller who deals in personal data, or processing or handling of personal data with the aim of exposing the data to danger
• Preventing the representatives of the data protection center from performing their duties

For a translated copy of the law, and for more information, please feel free to contact office.cairo@trade.gov.