Egyptian Data Protection Law Approved
Egypt’s President has approved the Personal Data Protection Law. Egypt Law No. 151/2020 will promote the security of personal data, which is being processed and stored online. It also sets a legal framework to regulate data transmission with other countries. The draft law was approved by the country’s House of Representatives in February. It prohibits the collecting of or processing individuals’ data or spreading them without the permission of the relevant individuals, except in specific cases. It will apply to Egyptians in the country and expatriates. It will be also enforced on non-Egyptians in and outside Egypt as long as the data belong to Egyptian citizens or foreigners staying inside Egypt. Those who violate the Law will be jailed for up to one year and fined between 100,000 and one million Egyptian Pounds.
A Personal Data Protection Centre will be established and will be responsible for protecting personal data and regulating its availability and processing. A Controller or processor of data will have to inform the Centre of any personal data protection breaches within 72 hours of identifying it. Where the breach affects national security, data controllers and processors must notify the Centre within 24 hours and national security authorities.
They will also be responsible for developing strategic plans, policies and programmes to protect personal data and will have to work with all the relevant Government and non-Government bodies to execute protection measures.
It will consist of representatives from the Justice and Foreign Affairs Ministries, the General Intelligence Service and the Administrative Control Authority. It will have three members who will be chosen by the relevant Minister. In terms of cross-border personal data protection, it is prohibited to carry out transfers, storage, or sharing of personal data which was collected or prepared for processing to a foreign country unless there is a level of protection which is line with the requirements of the law and it will have to be licensed or authorised by the Personal Data Protection Centre.