GDPR can be considered the world's strongest set of data protection rules, which enhance how people can access information about them and place limits on what organizations can do with personal data. The full text of GDPR is an unwieldy beast, which contains 99 individual articles.
The regulation exists as a framework for laws across the European continent and replaced the previous 1995 data protection directive. The GDPR's final form came about after more than four years of discussion and negotiations – it was adopted by both the European Parliament and European Council in April 2016. The underpinning regulation and directive were published at the end of that month. GDPR came into force on May 25, 2018. Countries within Europe were given the ability to make their own small changes to suit their own needs.
At the heart of GDPR is personal data. Broadly, this is information that allows a living person to be directly or indirectly identified from data that's available. This can be something obvious, such as a person's name, location data, or a clear online username, or it can be something less instantly apparent: IP addresses and cookie identifiers can be considered personal data. Under GDPR there are also a few special categories of sensitive personal data that are given greater protections. This personal data includes information about racial or ethnic origin, political opinions, religious beliefs, membership of trade unions, genetic and biometric data, health information and data around a person's sex life or orientation. The crucial thing about what constitutes personal data is that it allows a person to be identified – pseudonymised data can still fall under the definition of personal data. Personal data is so important under GDPR because individuals, organizations, and companies that are either 'controllers' or 'processors' of it are covered by the law. Although it comes from the EU, GDPR can also apply to businesses that are based outside the region. If a business in the US, for instance, does business in the EU, then GDPR can apply, and it can also apply if the business is a controller of EU citizens' data.
While GDPR arguably places the biggest tolls on data controllers and processors, the legislation is designed to help protect the rights of individuals. As such, there are eight rights laid out by GDPR. These range from giving people easier access to the data companies hold about them to having that data deleted in some scenarios. The full GDPR rights for individuals are: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and also rights around automated decision making and profiling.
The Egyptian Law No. 151 of 2020 was published in July 2020 and took effect in October 2020, alongside Cybercrime Law No. 175 of 2018 and Consumer Protection Law No. 181 of 2018. Additional accompanying laws are expected to be published soon. The Law prohibits the processing of personal data without the explicit consent of individuals and gives them multiple rights, such as restricting access to their data, reversing prior consent, and being informed in case of any data breach. Organizations may need to obtain an authorized license in order to process both personal and sensitive personal data. This data can only be collected for specific legitimate purposes and should not be retained longer than necessary.
If your organization fails to comply with Law No. 151 of 2020, you may be exposed to significant administrative fines (up to EGP 5m) as well as criminal penalties (imprisonment of more than six months).