Financial Crime World

Data Protection Law in Egypt: An Overview

The Data Protection Law in Egypt is a comprehensive legislation that aims to safeguard personal data and prevent its misuse. The law sets out key provisions related to data protection, privacy, and security, providing a regulatory framework for controllers and processors of personal data.

Key Provisions

Data Protection Principles

  • Accuracy and Completeness: Personal data must be accurate, complete, and up-to-date.
  • Purpose Limitation: Controllers and processors are required to implement measures, methods, and procedures for processing personal data in accordance with the specified purpose.
  • Right to Access and Rectify: Data subjects have the right to access, rectify, erase, object to, or refuse electronic communication.

Data Protection Officer (DPO)

  • Appointment: Controllers and processors are required to appoint a competent employee as the DPO.
  • Responsibilities: The DPO is responsible for protecting personal data and implementing the provisions of the law.
  • Registration: The DPO must be registered with the Data Protection Commission (DPC).

Data Breach Notification

  • Notification Deadline: Controllers and processors must notify the DPC within 72 hours in case of a breach or violation of personal data.
  • Data Subject Notification: Data subjects must be notified within three days.

Penalties for Violations

  • Fines: Fines ranging from EGP 100,000 to EGP 1 million (approximately $3,236 to $32,361).
  • Imprisonment and Fines: Imprisonment for up to six months and fines ranging from EGP 200,000 to EGP 2 million (approximately $6,472 to $64,724) in case of intentional or malicious data breaches.
  • Unauthorized Data Transfers: Fines ranging from EGP 500,000 to EGP 5 million (approximately $16,180 to $161,798).

Conclusion

The Data Protection Law in Egypt aims to protect personal data and prevent its misuse. By establishing a regulatory framework for data protection, setting out principles for processing personal data, and providing penalties for violations, the law provides a comprehensive framework for controllers and processors of personal data to ensure compliance with data protection regulations.