Data protection & privacy laws in Egypt (2026)
Egypt has a comprehensive, GDPR-inspired data protection regime. Law No. 151 of 2020 entered into force on 17 October 2020, but its operational backbone — the Executive Regulations and the supervisory authority — only became active when the Regulations were issued in November 2025. Full enforcement applies after a one-year transitional grace period, with the compliance deadline on/around 1 November 2026.
Key points
Law No. 151 of 2020 is Egypt's first comprehensive personal data protection statute. It was ratified on 13 July 2020 and entered into force on 17 October 2020 (90 days after publication in the Official Gazette), grounded in the privacy protections of Article 57 of the Egyptian Constitution.
After a roughly five-year delay, the Executive Regulations were issued by MCIT Decree No. 816 of 2025 and entered into force in November 2025, bringing the regime fully into operation with detailed rules on consent, licensing, record-keeping, retention, security and breach response.
The Personal Data Protection Center, a public economic authority operating under MCIT supervision, is the regulator responsible for implementing, monitoring and enforcing the law, issuing licences and permits, and investigating violations. Most processing activities require prior PDPC authorization, licensing or permitting.
The PDPL grants individuals rights to be informed, access, rectify, erase, object/withdraw consent, port their data, and not be subject to certain automated decision-making. Denying these rights without lawful justification carries a fine of EGP 100,000 to EGP 1 million.
Controllers and processors must appoint a Data Protection Officer licensed and approved by the PDPC. Personal data breaches must be reported to the PDPC within 72 hours, with notification to affected individuals within three working days; DPO negligence carries fines of EGP 50,000 to EGP 500,000.
Transfers of personal data outside Egypt are generally prohibited unless the destination provides protection equivalent to Egypt's, a PDPC licence is obtained, and data-subject consent is given. Violations can lead to imprisonment of at least three months and/or fines of EGP 500,000 to EGP 5 million.
Timeline - major decisions & events
Prime Ministerial Decree No. 816 / MCIT Decision No. 81 of 2025 issued the long-awaited implementing regulations, made the Personal Data Protection Center operational, and introduced licensing, breach-notification (72 hours) and tiered-fee rules; a 12-month grace period sets full enforcement for 31 October 2026. (Source: Clyde & Co)
A breach exposed personal data of large numbers of Egyptian students, highlighting weak data-security practices in the public sector ahead of the privacy law's enforcement. (Source: Human Rights Watch)
A scraped dataset exposed names, phone numbers, locations and other details of nearly all Facebook users in Egypt, underscoring the scale of personal-data exposure as the new law took shape. (Source: Egyptian Streets)
Egypt's first comprehensive data-protection law took effect 90 days after publication, establishing GDPR-inspired rights, lawful processing bases, cross-border transfer controls and the Personal Data Protection Center. (Source: Library of Congress)
Claims of a leak of Vodafone Egypt customer data prompted a fact-finding committee under the National Telecom Regulatory Authority, an early test of telecom data-protection oversight. (Source: Egypt Today)
Ratification and publication in the Official Gazette (15 July 2020) created Egypt's first standalone personal-data framework, with enforcement set to begin 90 days later. (Source: Ministry of Communications and Information Technology)
The House of Representatives approved the Personal Data Protection bill, modeled in part on the EU GDPR, prohibiting processing of personal data without consent except in defined cases. (Source: IAPP)
The cybercrime law imposed a 180-day data-retention duty on telecom/service providers and website-blocking powers, shaping the surveillance-and-data-handling backdrop that the later privacy law operates within. (Source: Library of Congress)
Articles 57 and 99 made private life inviolable, protected confidentiality of communications and treated violations as crimes, providing the constitutional foundation for later data-protection legislation. (Source: ICLG)
The law regulated electronic signatures and transactions and created the Information Technology Industry Development Authority, an early pillar of Egypt's digital-data legal infrastructure. (Source: WIPO Lex)
Last verified 5/23/2026 · Orientation, not legal advice - verify against the primary sources linked above.