Egypt’s Personal Data Protection Law - An Employment & HR Perspective


data protection123-01.jpg

The Egyptian Data Protection Law No. 151/2020 (the “Law”) came into effect in October 2020. The executive regulation of the Law is expected to be issued by April 2021. Companies are given twelve 12-month grace period from the date of the executive regulations to fully comply with the Law.

Companies, however, are required to immediately adhere to a proper data protection compliance system with respect to personal data they collect or process. Employees’ data is an extremely significant part that must not be overlooked when setting up a data protection compliance system.

In this note we will try to briefly shed light on the implications of the Law on employees’ data or HR data.

What is Employees Data?

Employees’ data is generally the information collected by companies in job applications, recruitment files, HR files, staff’s medical files, and anything else collected, stored, recorded or gathered by the company and contains personal information about the employees.

What Need to be Done to Comply with the Law?

Companies must adhere to a proper data protection compliance system with respect to employees and HR data. This compliance system must cover the following:

  • Background Checking & Screening: ensure compliance with the Law when running background checking and screening on newly hired employees.
  • Data Subject’s Consent: obtain employees’ proper consents on collecting, storing and/or processing their personal data.
  • Employment Contracts: update employment contracts and ensure that employees are aware of the data collection, processing and/or transfer conducted by the company.
  • Data Protection Policy: announce a data protection policy or code of conduct and make sure that employees understand the implications of the Law on their personal information.
  • Cross-border HR Data Transfer: adopt cross-borders data transfer system for the transfer of employees and HR data to the global database of the company or other entities (i.e. payroll and HR services companies) or the access to this database by HR management and executives from other sites.
  • Social Security Law Compliance: ensure data protection compliance with respect to employees’ medical reports, documents relating to health condition, drug tests and other documents and data relating to social security (i.e. information relating to employee’s retirement and pensions).
  • Labor Law Compliance: ensure that compliance with the Law will not prejudice company’s obligations under labor laws, i.e., the obligation to build HR files for employees, make it accessible to specific persons and maintain such files for specific durations.
  • Disciplinary Investigation Data: adopt an effective mechanism to maintain and protect employees and HR data collected, processed and/or disclosed during disciplinary investigations.
  • DPO or HR Team: coordinate internally between the Data Protection Officer (DPO) and HR team and designate their responsibilities and duties in relation to the implementation of the Law.
  • Reporting Breaches: adopt an efficient reporting and risk exposure system in events of inappropriate use or leakage of data or other breaches.

How can Riad & Riad Help?

Riad & Riad can help your company to comply with the Law. Our specialized team can assist you with the following:

  • Draft and review the company’s data protection code of conduct.
  • Update employment contracts and ensure compliance with the Law.
  • Prepare forms of employee’s consents and releases for the purposes of applying the Law on their data.
  • Draft and review the company’s background check and screening policies and forms.
  • Draft and review the company’s confidentiality and non-disclosure policies.
  • Draft and review the company’s personnel records policy.
  • Draft and review the company’s policy in relation to cross-border transfer of HR data.
  • Organize workshops and training sessions with employees to make sure that they are fully informed of the nature and scope of the information that will be processed, used and/or transferred by the company.

To learn more about the new Personal Data Protection Law in Egypt, please visit our website

For any inquiries, please contact Dr. Eman Riad

Posted in News on Feb 28, 2021