Egypt PDPL

Egypt

21 domains

29 controls

Egypt Personal Data Protection Law No. 151 of 2020.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (21)

Controller Duties

1 controls

Controls in the Controller Duties domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-ART8-CONTROLLER-OBLIGATIONS	Controller Obligations	Controllers must ensure accuracy, secure storage, lawful processing, retention only as needed, and maintenance of record...

Cross Border Transfers

2 controls

Controls in the Cross Border Transfers domain of Egypt PDPL — 2 controls
Code	Title	Description
PDPL-ART14-CROSS-BORDER	Cross Border Transfer Restriction	Transferring personal data outside Egypt requires the recipient country to provide a level of protection no less than th...
PDPL-ART15-TRANSFER-LICENSE	Cross Border Transfer License from Centre	Cross border transfers without adequacy require a license from the Egyptian Data Protection Centre and explicit informed...

Data Lifecycle

1 controls

Controls in the Data Lifecycle domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-RETENTION	Retention and Disposal	Personal data must be deleted or anonymised once the purpose of processing has been achieved or consent withdrawn.

Data Subject Rights

4 controls

Controls in the Data Subject Rights domain of Egypt PDPL — 4 controls
Code	Title	Description
PDPL-ART4-DSR-ACCESS	Data Subject Right of Access	Data subjects have the right to know whether their personal data is processed, access it, and obtain a copy from the con...
PDPL-ART5-DSR-RECTIFY	Right to Rectification and Erasure	Data subjects may request correction, modification, deletion, addition, or update of their personal data held by the con...
PDPL-ART6-DSR-OBJECT	Right to Object and Restrict Processing	Data subjects may object to processing of their personal data and request restriction of processing where the data is in...
PDPL-ART7-DSR-WITHDRAW	Right to Withdraw Consent	Data subjects may withdraw previously given consent at any time as easily as it was given, without affecting the lawfuln...

Employment

1 controls

Controls in the Employment domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-EMPLOYEE-DATA	Employee Personal Data	Employee personal data including HR records, monitoring data, and biometric attendance is subject to PDPL with lawful ba...

Enforcement

2 controls

Controls in the Enforcement domain of Egypt PDPL — 2 controls
Code	Title	Description
PDPL-CENTRE-AUDIT	Centre Inspection and Audit Powers	The Data Protection Centre may inspect controllers and processors, request records and access, and issue corrective orde...
PDPL-COMPLAINTS	Complaint Handling	Data subjects may lodge complaints with the controller or directly with PDPA; controllers must operate a documented comp...

Governance

3 controls

Controls in the Governance domain of Egypt PDPL — 3 controls
Code	Title	Description
PDPL-ART31-DPO	Data Protection Officer Designation	Controllers and processors must designate a Data Protection Officer responsible for compliance, registered with the Cent...
PDPL-ART32-DPO-DUTIES	DPO Duties and Responsibilities	The DPO supervises compliance, receives data subject requests and complaints, coordinates with the Centre, documents pro...
PDPL-TRAINING-AWARENESS	Training and Awareness Programme	Controllers and processors must train staff handling personal data on PDPL obligations, with refresher training and role...

Incident Response

1 controls

Controls in the Incident Response domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-ART30-BREACH	Personal Data Breach Notification	Controllers must notify the Data Protection Centre within 72 hours of becoming aware of a personal data breach, and noti...

Lawful Basis

1 controls

Controls in the Lawful Basis domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-ART3-CONSENT	Lawful Basis and Consent	Processing personal data requires explicit consent of the data subject or a legal basis specified in the law. Consent mu...

Licensing

1 controls

Controls in the Licensing domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-ART20-LICENSE	License and Authorization Requirements	Controllers and processors must obtain a license or authorization from the Data Protection Centre to collect, process, s...

Marketing

1 controls

Controls in the Marketing domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-ART19-MARKETING	Electronic Direct Marketing	Electronic marketing communications require prior consent of the recipient, identification of the sender, clear opt out...

Penalties

1 controls

Controls in the Penalties domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-PENALTIES	Penalties and Enforcement Readiness	Violations may attract administrative fines up to BHD 20,000 and imprisonment for serious offences (e.g., unlawful sensi...

Processor Obligations

1 controls

Controls in the Processor Obligations domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-ART9-PROCESSOR	Processor Duties and Contracts	Processors must process personal data only on documented instructions from the controller, implement appropriate securit...

Regulatory Updates

1 controls

Controls in the Regulatory Updates domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-EXECUTIVE-REGS	Executive Regulations Compliance	PDPL is implemented through Executive Regulations issued by the Prime Minister which detail license fees, breach procedu...

Risk Management

1 controls

Controls in the Risk Management domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-DPIA	Risk Assessment for High-Risk Processing	Controllers must assess risks for processing likely to result in significant impact on data subjects (large-scale sensit...

Scope and Applicability

1 controls

Controls in the Scope and Applicability domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-ART2-SCOPE	Material and Territorial Scope	PDPL applies to personal data processed electronically by natural or legal persons inside Egypt, by Egyptians abroad pro...

Security

1 controls

Controls in the Security domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-SECURITY	Technical and Organisational Security Measures	Controllers and processors must apply appropriate technical and organisational measures to protect personal data from lo...

Sensitive Data

2 controls

Controls in the Sensitive Data domain of Egypt PDPL — 2 controls
Code	Title	Description
PDPL-ART12-SENSITIVE	Sensitive Personal Data Protections	Sensitive personal data including health, genetic, biometric, religious, political, criminal, and children data requires...
PDPL-ART13-MINORS	Children Data Processing	Processing personal data of minors under 18 requires consent of the legal guardian and must serve the best interests of...

Surveillance

1 controls

Controls in the Surveillance domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-CCTV-MONITORING	CCTV and Electronic Monitoring	Video surveillance and electronic monitoring of personnel or public requires lawful basis, signage, proportionality, and...

Third Party Risk

1 controls

Controls in the Third Party Risk domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-VENDOR-DUE-DILIGENCE	Vendor and Third Party Due Diligence	Controllers must conduct due diligence on processors and third parties to ensure adequate protection of personal data an...

Transparency

1 controls

Controls in the Transparency domain of Egypt PDPL — 1 controls
Code	Title	Description
PDPL-TRANSPARENCY	Transparency and Privacy Notices	Data subjects must be informed at or before collection about identity of controller, purpose, recipients, retention, rig...

Frequently Asked Questions

What is Egypt PDPL?

Egypt PDPL is a compliance framework from Egypt with 21 domains and 29 controls. Egypt Personal Data Protection Law No. 151 of 2020. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Egypt PDPL have?

Egypt PDPL has 29 controls organised across 21 domains. The largest domains are Data Subject Rights (4 controls), Governance (3 controls), Cross Border Transfers (2 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Egypt PDPL map to?

Egypt PDPL does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.

How do I get started with Egypt PDPL compliance?

Start your Egypt PDPL compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Egypt PDPL requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 29 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 769 frameworks.

Get Started Free →

Free forever — no credit card required