SecurePrivacy Logo

Egyptian Data Protection Law

View Law Text
Maximum Fine
EGP 5M
Scope
National
Regulator
DPC
Enacted
2020

Need Help with Egyptian Data Protection Law Compliance?

Get expert guidance on implementing Egypt's data protection requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Data Protection Law establishes comprehensive requirements for the processing of personal data in Egypt, enforced by the Data Protection Center (DPC).

Key Facts

  • Enacted in 2020
  • Enforced by Data Protection Center
  • Includes licensing requirements

Key Principles

Lawfulness and Consent

Personal data must be processed lawfully and with proper authorization.

Requirements

  • Obtain explicit consent
  • Document legal basis
  • Maintain consent records
  • Regular compliance reviews
  • Enable consent withdrawal

Examples

  • Consent collection forms
  • Legal basis documentation
  • Consent withdrawal mechanisms
  • Compliance records

Transparency

Organizations must be transparent about their data processing activities.

Requirements

  • Clear privacy notices
  • Processing purpose disclosure
  • Data sharing information
  • Rights notification
  • Regular updates

Examples

  • Privacy policies
  • Data processing notices
  • Rights information
  • Communication records

Data Security

Implementation of appropriate technical and organizational security measures.

Requirements

  • Security risk assessments
  • Technical safeguards
  • Staff training
  • Incident response
  • Regular audits

Examples

  • Security protocols
  • Training programs
  • Incident plans
  • Audit reports

Compliance Requirements

Licensing Requirements

Organizations must obtain licenses for data processing activities from the DPC.

Implementation Steps

  • Submit license application
  • Document processing activities
  • Pay licensing fees
  • Maintain license status
  • Update when changes occur

Required Documentation

  • License certificates
  • Processing records
  • Payment receipts
  • Status updates
  • Change notifications

Data Protection Measures

Implementation of appropriate technical and organizational measures.

Implementation Steps

  • Conduct risk assessments
  • Implement security controls
  • Train staff on security
  • Regular security audits
  • Document security measures

Required Documentation

  • Security policies
  • Risk assessments
  • Training records
  • Audit reports
  • Security documentation

Cross-Border Transfers

Requirements for transferring personal data outside Egypt.

Implementation Steps

  • Assess recipient country adequacy
  • Implement transfer safeguards
  • Obtain DPC approval
  • Document transfers
  • Monitor compliance

Required Documentation

  • Transfer assessments
  • Safeguard documentation
  • Approval records
  • Transfer logs
  • Monitoring reports

Enforcement & Penalties

Administrative Penalties

The Data Protection Center (DPC) can impose administrative penalties for violations of the law.

Penalty Categories

Severe Violations
Up to EGP 5M
For serious breaches of data protection requirements
Processing Violations
Up to EGP 2M
For unauthorized processing of personal data
Documentation Violations
Up to EGP 1M
For failure to maintain required documentation

Example Cases

Financial Institution
EGP 3M
2023 - Unauthorized data sharing with third parties
Technology Company
EGP 1.5M
2022 - Insufficient security measures leading to data breach

Criminal Penalties

Serious violations may result in criminal prosecution.

Penalty Categories

Intentional Violations
Up to EGP 5M and imprisonment
For deliberate violations of the law
False Statements
Up to EGP 2M
For providing false information to authorities
Obstruction
Up to EGP 1M
For obstructing investigations

Example Cases

Data Breach Case
EGP 4M
2023 - Intentional exposure of sensitive personal data
Compliance Violation
EGP 2.5M
2022 - Repeated non-compliance with DPC orders