Sat, 25 Jun 2022 - 10:36 GMT
Sat, 25 Jun 2022 - 10:36 GMT
CAIRO – 25 June 2022: Egypt’s Personal Data Protection Law No. 151 of 2020, came as a legislative breakthrough towards securing the personal data of citizens, and regulating the protection of electronically processed personal data during its collection, storage or processing.
The law defines personal data as any data related to a specific natural person, or who can be identified directly or indirectly by linking these data with any other data such as name, voice, image, identification number, or online identifcation, or any data that determines psychological, health, economic, cultural or social identity.
The law also defines the person concerned with the data as any natural person to whom electronically processed personal data is attributed by law or action, and who was able to distinguish him from others.
According to the law, its provisions do not apply to specific types of data, including personal data, which are processed exclusively for informational purposes, provided that they are true and accurate, and are not used for any other purposes, without prejudice to the legislation regulating the press and media.
According to the law, personal data protection official “shall be responsible for implementing the provisions of the law and its executive regulations and the decisions of the center, monitoring the procedures in force within its supervising entity, and receiving requests related to personal data in accordance with the provisions of this law.”
The executive regulation of this law defines the obligations, procedures and other tasks that the personal data protection official must perform.
Accordingly, officials responsible for personal data protection, are obliged to:
- Conduct evaluation and periodic examination of personal data protection systems and prevent its penetration.
- Document the results of the evaluation and issue necessary recommendations to protect them.
- Act as a direct point of contact with the center of data protection, and implement its decisions, with regard to the application of the provisions of this law.
- Enable the person concerned with the data to exercise his rights stipulated in this law.
- Notify the center of data protection in the event of any breach or violation of personal data.
- Respond to the requests submitted by the person concerned with the data or any person with such capacity, and responding to the center in the grievances submitted by either of them in accordance with the provisions of this law.
- Follow up on the registration and updating phases of the personal data record or the record of processing operations, in order to ensure the accuracy of the data and information recorded therein.
- Remove any irregularities related to personal data within his entity, and taking corrective measures in this regard.
- Organize the necessary training programs for the employees of his entity, to qualify them in line with the requirements of this law.