By Nick O'Connell, Firm: TMT - KSA Riyadh

Despite the entry into force of the GDPR in 2018, Egyptian legislation concerning data protection is still at a very early stage. This article sets out the current status.

Some recent media reports have indicated that the Egyptian parliament has approved a draft data protection law. It seems that these reports are not quite accurate, and should have simply reported that a draft data protection law has been reviewed by a parliamentary committee. It is unclear whether the draft law has been prepared with GDPR in mind. At this very early stage of the legislative process, there is a high likelihood that the draft will undergo amendments.

In the absence of a modern data protection law, there are other Egyptian law considerations that could be material in the context of considering personal data processing activities, either in an HR context or more broadly. These range from general provisions protecting privacy or providing for remedies where someone causes damage to another, through to specific provisions in the anti-cybercrime legislation that could be material in the context of data processing activities.

Depending on the circumstances of a data breach, it may be prudent to consider notifying law enforcement authorities and affected individuals, although there is no generally applicable legal obligation to do so.