News & Insights
All Categories
- Insights (143)
- Firm News (69)
- CSR (10)
- COVID-19 (2)
- Briefings (73)
- Antitrust (1)
- Banking & Finance (20)
- Corporate (21)
- Corporate Crimes (3)
- Dispute Resolution (5)
- Employment (4)
- Energy & Electricity (2)
- Intellectual Property Rights (1)
- Mergers & Acquisitions (2)
- Real Estate (2)
- Telecoms, Media & Technology (14)
Egypt Personal Data Protection Law: New Compliance Developments
Partner in charge
In light of the issuance of the Executive Regulations of Personal Data Protection Law No. 151 of 2020 (the “Personal Data Protection Law”), the Personal Data Protection Centre (“PDPC”) has recently convened an in-depth discussion panel addressing both the regulatory framework and practical considerations for compliance therewith. The session aimed to clarify readiness requirements and to highlight the key challenges that organizations may encounter as they prepare to align with the new framework.
During the panel, the PDPC outlined the anticipated timelines for its full operational rollout, including the launch of its electronic portal, which is intended to function as the central platform for all regulatory processes, and related procedures. The PDPC further outlined the expected timeframe for organizations to achieve full compliance with the Personal Data Protection Law and reaffirmed its supervisory role in overseeing and enforcing adherence to the law’s provisions.
A significant portion of the discussion focused on practical implementation challenges faced by entities. In particular, the PDPC highlighted issues relating to the appointment of a Data Protection Officer (“DPO”), particularly for foreign-appointed DPOs operating in Egypt, as well as broader operational, technical, and governance-related requirements necessary to ensure compliance. The PDPC acknowledged these challenges while emphasizing the importance of early preparation.
Importantly, the panel underscored that, upon the expiry of the grace period prescribed under the Executive Regulations ending on November 1, 2026, organizations will be expected to demonstrate substantive and good faith compliance with the Personal Data Protection Law. In this context, the PDPC indicated that its electronic portal is expected to be launched around mid-June 2026, at which point it will begin accepting applications for the necessary licenses, permits, and accreditations in accordance with the applicable regulatory framework.
In the interim, organizations are strongly encouraged to advance their compliance efforts by implementing the required technical and organizational measures. Such measures include, inter alia, conducting comprehensive data mapping exercises to identify the categories and volume of personal data they process, as well as designating a qualified individual to act as a DPO.
These developments mark a critical phase in the implementation of Egypt’s data protection regime, reflecting a transition toward a more structured, transparent, and enforceable regulatory environment, with heightened expectations for compliance by all relevant stakeholders.