Supervisor Elham AbolFateh
Editor in Chief Mohamed Wadie

8 Key Steps to Comply with the New Egyptian Data Protection Law


Sat 26 Sep 2020 | 01:33 PM
Hassan El-Khawaga

Law No. 151 of 2020, regulating personal data protection, was issued in Egypt on 15 July 2020. The law is modeled to a large extent on the EU General Data Protection Regulation (GDPR).

Sherif Makhlouf, a member of the Egyptian Junior Business Association, said the law provides a full-year grace period for organizations to address and comply with its requirements. The law applies to all organizations that control or process personal data.

Personal data is any information that can be used to identify an individual, such as a full name, picture, voice, national identification number, or online identifier.

A regulatory authority will be established to be responsible for personal data protection and for the supervision and enforcement of the Data Protection Law. This soon-to-be-formed authority will be called the Personal Data Protection Centre (PDPC).


Here are 8 key steps organizations should take to comply with the new law:

1. Consent is key. Obtain the clear and explicit consent of every user before collecting and storing their data. Once given, this consent must be documented, and the data subject must be able to withdraw it at any time. Opt-in forms and checkboxes are a common way of implementing this requirement.

2. Data minimization and storage limitation are now required. Organizations are expected to limit the collection and processing of personal data to only the information that is necessary, and not to keep personal data once the purpose of the processing has been fulfilled.

3. All users now have the right to ask a company what information it holds about them and what it does with that information. Users also have the right to ask for their data to be corrected, or even deleted, a right also known as "the right to be forgotten".

4. When a company intends to process personal data beyond the legitimate purpose for which it was collected, it must ask the users for clear and explicit consent. Once given, this consent must be documented, and the users must be able to withdraw it at any time.

5. In digital marketing, especially email, SMS marketing and push notifications, it is very important to provide a valid and complete sender address, to indicate that the email or SMS is for marketing purposes and, most importantly, to offer users a clear way to opt out if they choose to.

6. Your organization must maintain a personal data breach record and must notify the regulatory authority of any breach within the time the law requires. You are also required to implement a wide range of measures to reduce the risk of hacks and breaches.

7. Your organization is required to appoint a Data Protection Officer. Once appointed and registered with the regulatory authority, the Data Protection Officer is responsible for advising the company on compliance and for internal training within the organization.

8. If you collect or process data in the "sensitive personal data" category, you will need a licence from the newly formed Personal Data Protection Centre.

Sensitive personal data consists of special categories of data relating to the mental, psychological, physical, genetic or biometric characteristics of individuals. It also includes financial data and data relating to religious beliefs, political opinions or criminal records. Data relating to children is always considered sensitive.