Financial Crime World

Egypt Passes Personal Data Protection Law Amid Global Regulatory Trends

=====================================

On July 13, Egypt’s new Personal Data Protection Law was passed and published on July 15. The law is set to take effect on October 14 of this year, with the Executive Regulations expected by April 2021.

Compliance Requirements and Penalties

The Personal Data Protection Law introduces a range of compliance requirements and significant penalties for non-compliance. Corporate clients that process personal data in Egypt or outside the country for individuals in Egypt are urged to familiarize themselves with the new law and take steps to ensure compliance as soon as possible.

Definition of Personal Data

According to the law, “personal data” is defined as any information related to a natural person who can be identified directly or indirectly by reference to other data. This includes:

  • Name
  • Voice
  • Picture
  • Identification number
  • Online identifier
  • Any data that identifies psychological, health, economic, cultural, or social identity

Sensitive Personal Data

Sensitive personal data, such as information about an individual’s mental, physical, or genetic health, biometric data, financial data, religious beliefs, political opinions, or security situation, requires additional protection.

Processing of Personal Data

The law prohibits the processing of personal data without the consent of the data subject, except in cases where permitted by law. Data subjects have a range of rights under the law, including:

  • The right to access their data
  • Withdrawal of consent for its processing
  • Correction or modification of it
  • Deletion or addition of new information
  • Limitation of its use

However, with the exception of the right to be notified of personal data breaches, companies may charge individuals for exercising these rights.

Transfer of Personal Data Outside Egypt

The law contains restrictions on transferring personal data outside Egypt, except in cases where explicit consent is given by the individual, or when necessary for international judicial cooperation or to prevent harm.

Penalties for Non-Compliance

The new law includes penalties for non-compliance, ranging from imprisonment and fines of up to EGP 1 million (approximately USD 63,000) to imprisonment and fines of up to EGP 3 million (approximately USD 189,000).

Next Steps

As the Executive Regulations have yet to be issued, companies processing personal data in Egypt or outside the country for individuals in Egypt are advised to start familiarizing themselves with the requirements of the new law and take steps to ensure compliance.