ARTICLE
2 September 2020

New Privacy Protection Law Implements GDPR-Like Principles

PC
Pearl Cohen Zedek Latzer Baratz

Contributor

Pearl Cohen Zedek Latzer Baratz logo
Pearl Cohen is an international law firm with offices in Israel, the United States, and the United Kingdom. Our strength is derived from decades of legal experience and an intimate knowledge of the cutting edge technological, legal, and transactional issues facing our clients in local and cross border matters. This combination of experience and knowledge allows us to provide sound and innovative advice to clients worldwide.
Explore Firm Details
The Egyptian Parliament has adopted a new privacy protection law. The new law will apply to companies established in Egypt and to companies that are established outside of Egypt...
Egypt Privacy
Photo of Haim Ravia
Photo of Dotan Hammer
Photo of Adi Shoval
Authors

The Egyptian Parliament has adopted a new privacy protection law. The new law will apply to companies established in Egypt and to companies that are established outside of Egypt but that process personal information of individuals in Egypt.

The law provides that the collection and processing of personal information of individuals in Egypt are permitted only subject to their consent and that data subjects shall have the right to withdraw their consent at any time. Controllers and processors will be required to take technical measures to secure personal data and prevent disclosure of data to third parties unless permitted by law. The law also restricts the transfer of personal data out of Egypt and requires controllers and processors to obtain a license from the Information Protection Center for such a transfer. Additionally, processors are required to process the data only for the purposes for which it was collected, for the minimum necessary period according to the purposes for which it was collected. They also are required to maintain a record of their processing activities.

The law further requires that controllers and processors report a security incident to the relevant authorities within 72 hours and inform data subjects about any security incident relating to their personal data.

In addition, the law regulates direct marketing communications and provides that entities desiring to use personal data for direct marketing purposes must obtain a license from the Information Protection Center, obtain the consent of data subjects and keep a record of such consent for three years.

The law will enter into force on October 16, 2020. Its implementing regulations are expected to be published six months thereafter. Violation of the law may attract criminal liability for the violating entity as well as on senior members of the violating entity responsible for the protection of personal information.

CLICK HERE to read the new Egyptian privacy protection law (in Arabic and English translation).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Haim Ravia
Haim Ravia
Photo of Dotan Hammer
Dotan Hammer
Photo of Adi Shoval
Adi Shoval
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More