Egyptian Law on Personal Data Protection
Overview of the Law
The Egyptian law on personal data protection outlines provisions for safeguarding sensitive information. The law is based on the European Union’s General Data Protection Regulation (GDPR) model with adjustments to suit Egypt’s specific needs and jurisdiction.
Key Provisions
Transborder Data Flow
- Conditions for Transfer: Article 14 and 15 discuss the conditions under which personal data can be transferred across borders.
- Data Subject Consent: Consent is required for direct marketing communications.
- Transparency: Senders must clearly indicate their identity and purpose for communication.
Direct Electronic Marketing
- Right to Opt-Out: Data subjects have a right to withdraw their consent at any time.
- Record-Keeping: Senders must maintain electronic records of consent or non-objection for three years.
Personal Data Protection Center
The law establishes a public economic authority responsible for protecting personal data and regulating its processing and availability. The center’s responsibilities include:
- Developing policies and strategic plans for personal data protection
- Unifying policies and plans across different entities
- Setting decisions, regulations, precautions, procedures, and criteria related to data protection
- Cooperating with entities to guarantee personal data protection measures
Implementation and Enforcement
The Personal Data Protection Center will play a crucial role in implementing and enforcing this law. The center’s responsibilities include:
- Developing policies and strategic plans for personal data protection
- Unifying policies and plans across different entities
- Setting decisions, regulations, precautions, procedures, and criteria related to data protection
- Cooperating with entities to guarantee personal data protection measures
Conclusion
The law aims to provide a framework for protecting personal data in Egypt, promoting transparency, accountability, and individual rights.