On the 15th of July 2020, Egypt enacted the Data Protection Law No. 151 of 2020 (hereinafter the “DPL” or the “Law”), the first of its kind for the state, to govern the activities related to personal data recipients, controllers, and processors. The DPL will come into effect three months following its publication in the official gazette, where it has been decreed that the Executive Regulations shall follow within six months after said publication. However, companies are required to comply with the DPL no later than a year after the Executive Regulations have been published.
Given the global dependency on digitalization, the DPL has been long called for, in order to ensure that users’ (the “Data Subjects”) rights, privacy and data are protected when being processed, stored and/or transferred. Under the DPL, personal data encompasses any data related to an identified natural person or identifiable, either directly or indirectly, through a connection made between this data and any other data; such as a name, voice, photo, identification number, online information identifiers, or any data identifying psychological, genetic, economic, cultural or their social identity.
Data Subjects have a right to be informed of when their personal data will be processed, stored and/or transferred, and the purpose behind carrying out these aforementioned actions. The Law also requires prior consent for such uses, which may be withdrawn at any point by the Data Subject.
DPL’s territorial scope extends beyond the borders of the Arab Republic of Egypt with respect that it applies to anyone who commits a crime stipulated in the law, whether the perpetrator is an Egyptian inside or outside Egypt, or a non-Egyptian residing inside Egypt, or non-Egyptians outside Egypt if the act is punishable in the country in which it occurred and the Data Subject to the crime is an Egyptian or foreigners residing in Egypt.
One of the key aspects of the Law is the establishment of a data protection center (the “Center”). The Center will be the entity tasked with laying the groundwork for data protection regulations, procedures, policies and the overall national plan. The Center will have oversight on matters and breaches dealing with data protection.
Compliance with the new Law will likely be clearer after the issuance of the DPL’s Executive Regulations; however, certain compliance criteria is already evident. Entities storing, processing, collecting and/or transferring Personal Data will have to: (1) have a Data Protection Officer (the “DPO”), (2) the DPO must be licensed by the Center, (3) the DPO must provide the Center with regular reports as well as report any breaches and (4) the DPO is to remain independent of the corporate body he/she works for.
Failure to comply with the Law exposes the organization to criminal liability; this is besides the administrative penalties such as warnings, suspensions and/or withdrawal of the license. Depending on the crimes committed, penalties may range from small to substantial fines to as harsh as imprisonment.
Thus, the key takeaways from the DPL is the establishment of the Center, the appointment of a DPO, the Economic Courts being the court of competence and that criminal liability and harsh monetary fines may arise out of breaches in compliance of the Law.
How we can help
Under the DPL, companies processing, storing, controlling and/or transferring the personal data of Egyptians and Residents will need to comply.
Eldib Advocates’ dedicated a Data Protection Team comprising of IP, IT and Compliance lawyers who would be happy and are ready to assist your organization, be it a startup, SME, or large enterprise, to comply with these new requirements prior to them coming into effect. The Law imposes onerous fines and penalties for non-compliance; thus, our goal is to enable you to conduct your business in compliance with said Law with confidence, clarity and accuracy.
We can support clients in a variety of industries and sectors; i.e. Shipping/Transportation, Telecommunication and Media, Hospitality, Insurance, Retail, Real Estate, and Financial Entities such as exchanges, private money transfer companies, etc.
Please feel free to reach out to email@example.com should you have any questions or require any assistance in this regard.