Egypt: Executive Regulations of the Personal Data Protection Law (Decision No. 816 of 2025) including data protection regulation entered into force

On 2 November 2025, the Executive Regulations of the Personal Data Protection Law issued by Law No. 151 of 2020 entered into force on the day following their publication in the Official Gazette, as issued by Minister of Communications and Information Technology Decision No. 816 of 2025. The Executive Regulations establish data protection regulations governing the collection, processing, retention, deletion, and regulation of personal data. They require lawful collection based on permission or authorisation and explicit written consent. They establish purpose limitation and prohibit use beyond the approved purpose. They require approval of data collection tools and mandate defined retention periods linked strictly to the purpose of processing. They require controllers to determine obligatory retention periods for each category of personal data and to erase personal data upon expiry of the retention purpose. Continued retention is limited to legitimate reasons, and data must not remain in an identifiable form. The Executive Regulations establish additional safeguards for sensitive personal data. They require prior permission or authorisation from the Personal Data Protection Center (PDPC) and explicit written consent from the person concerned or the legal guardian in the case of minors. They limit processing of sensitive personal data to what is necessary for the controller’s purpose and require enhanced security measures determined by the PDPC. The Executive Regulations establish specific rules for children’s data. They require written consent from the guardian for the collection and processing of data of children under fifteen years of age and define consent requirements for children aged fifteen to under eighteen years in accordance with tools determined by the PDPC.