Data is a new area of practice in Egypt, especially with the issuance of the Personal Data Protection Law in 2020 – the first general data protection law in Egypt. Before that, customers’ personal data was protected under specific laws like the Telecoms Law, the Banking Law and so on, and the question of offshore data storage was not necessarily specifically addressed.
The biggest challenge is that the Executive Regulations for the Data Protection Law have not been issued yet, and the Personal Data Protection Centre (the regulator) is not established yet. However, the law has been effective since 16 October 2020, while many regulatory matters are still to be addressed by the Executive Regulations. The law stipulates that the Executive Regulations will be issued by the Minister of Communications and Information Technology within six months from its effective date which means that the Executive Regulations were expected to be issued by the second quarter of 2021 (in practice, Executive Regulations are sometimes issued after the lapse of the deadline prescribed by law). It further states that the entities addressed by the law have a grace period of one year following the issuance of the Executive Regulations to comply with the law’s provisions.
We advise our clients to abide by the requirements of the law as it is in force, and we monitor all news regarding the content and expected issuance date of the Executive Regulations to keep our clients informed.
In my experience the challenges are minimal and gender equity in the field is growing by the day, which is shown by an increasing number of women in senior positions in law firms or multinational organisations or on the board of directors of companies in Egypt. Most recently, women were admitted to assume the functions of judges at the State Council as well.
As mentioned previously, Egypt followed many other jurisdictions is issuing a general privacy law. This has created new job opportunities for data protection officers of both genders, and new processing and contracting requirements which we as lawyers have to address.
A piece of advice I would give aspiring data lawyers and professionals: I believe that protection of personal data is of supreme interest and the laws shall be implemented and interpreted to protect that interest. But young aspiring lawyers should be careful, when issuing privacy advice, not to hinder businesses without a real need if they comply with the law. Furthermore, this area of practice is still new everywhere in the world and has not yet been tested enough in front of courts. We can expect various and interesting applications of the law and its interpretation by corporations and the courts.