The devil is in the detail as they say, and the details are expected to be set out in the executive regulations and should include how the data protection center will implement these regulations. The executive regulations of the law will make it or break it.
We could assume that an attack that specifically targets any designated national critical infrastructure (NCI) entities in sectors such as energy, communications, water, or emergency services would clearly threaten national security. The concern of course is who defines what represents a national security threat and will this be apparent at the outset prior to detailed investigation and analysis? This needs to be clarified in the executive regulations expected to be issued within the next 9 months. However, if the attack threatens national security, companies must report it immediately. In the DP Law, companies must report cyber-attacks within 72 hours from the time of their knowledge of the attack. This is typically not realistic in practice. The original draft of the law required companies to report cyber-attacks within 24 hours.
Relying on manual processes simply will not work in an online environment and may ultimately result in companies processing personal data without valid consent. From experiences in Europe, we know that this requires quite advanced permission management processes for companies to manage this requirement efficiently.
In addition, it grants data subjects the right to withdraw any previous consent. The DP Law requires consent as a legal basis for direct electronic marketing. The general rule is that data must be transferred to a jurisdiction that offers at least an equivalent level of protection to that provided under Egyptian law.
There is no data localization obligation in respect of cross border transfers of data, but the law does require a license for such transfer of data. We are of the view that the rejection of a license request will only be used against specific companies and for clear and justifiable reasons. Our assumption is that this is the last thing that the government would be looking to achieve. This effectively means that a company may be forced to exit Egypt, with obvious financial consequences, consequences for customer relationships and company brand. Ultimately, what concerns big tech companies is whether the license will be purely a rubber stamping exercise, or whether there is a likelihood that a request for a license could be denied, or not renewed upon expiry. The amount of fees involved is not insignificant and it is not a secret that all African countries are looking for ways to finance their budget deficits. There is certainly a financial element to the introduction of a licensing regime. In Europe, regulators moved away from pre-authorized data processing under the GDPR and introduced the accountability principle to replace it.
The benefit of requiring a license for dealing in data instead of following a simple registration or notification regime remains unclear. These acts are (i) breach of the conditions for cross border transfer of data, (ii) dealing in sensitive data without the explicit and written consent of the data subject or in breach of the relevant provisions under the DP Law, (iii) any data processor or controller that deals in personal data in breach of the relevant provisions under the DP Law or without the consent of the data subject, when applicable, in exchange for a benefit or with the intent to expose the data subject to danger or harm and (iv) preventing the representatives of the data protection center from performing their duties. Dealing in data requires a license. The DP Law reduced acts punishable by imprisonment from 13 in the initial draft to only 4. These are the five key points you need to know about the DP Law: The law also imposes licensing requirements for data processing, data control, dealing in sensitive data, electronic marketing, and cross-border transfer of data. The DP Law includes an obligation on companies to appoint a data protection officer as an employee or else face financial penalties of up to 2 million Egyptian Pounds (around USD 125,000). There is a minimum grace period of 21 months for companies to comply with the DP Law. The law excludes the Central Bank of Egypt (“CBE”), and most of the entities subject to the supervision of the CBE, from the scope of its application. The DP Law only covers personal data in digital form.