Personal Data Protection in Algeria

Today, the 18th of May, is a very important day for personal data protection in Algeria, it marks the second anniversary of appointing the first members of the National Authority of Personal Data Protection (ANPDP), but this date is not as important as the 10th of August. Nine few months, the Algerian law on personal data protection came into effect, making all entities dealing with personal data liable to serious sanctions in case they're found to be non compliant with it's requirements.

But what does that really mean for companies? Should they make it their priority to be compliant? And what if they lack the time or expertise to deal with compliance? This article aims to answer these questions, but first..

Why does this law matter?

Law N°18-07 is the first Algerian legislation that’s entirely dedicated to personal data protection, it was issued on the 10th of June, 2018. This legislation consists of 76 articles in total, and based on its 1st and 2nd articles, the law focuses on providing protection for personal data regardless of the entity processing it. Within this legislation we find that even government bodies that perform these processes are required by law to disclose their activities to the ANPDP and to comply with the legal requirements of the law.

Failing to comply will make your company subject to administrative sanctions from the ANPDP, ranging from official warnings that will most probably affect your company's' public reputation, and extending to more serious administrative measures, such as provisional withdrawal of declarations or authorizations issued by the ANPDP. The authority can also issue fines of 500.000 DA to entities that are found to be breaching the law.

On top of that, the law imposes severe penal repercussions on those who willingly breach it. Penalties include more fines that go up to 1.000.000 DA and extend to imprisonment for up to 5 years for the individuals responsible for violating this law.

This law is the equivalent of GDPR within Algerian, and since this legislation has entered into force in August 2023, every entity handling the personal data of individuals in Algeria must adhere to its requirements. And simply relying on being compliant with GDPR isn’t enough, since the Algerian law has some different requirements, such as hosting and processing be done in Algeria, if not, then an authorization would be required to process data outside of Algerian territory.

What does the company gain by complying?

Being compliant helps you avoid all the administrative and penal sanctions previously mentioned, even if you fail to fully comply with all the requirements mentioned in the law, you can at least prove your goodwill by trying to comply while also proving your due diligence.

Showing goodwill isn’t only important on the legal aspect, but it’s also helpful for clients who see that your company is committed to acting ethically and legally. Even if any disputes do occur, you can still show your company's' efforts to conform to these legal standards.

Clients won’t only appreciate your company's ethics when you comply, but they will also perceive your company as highly professional, one that is up to date with new legislation. Showing compliance to Law N°18-07 on your website or LinkedIn page not only improves your image in regard to clients, but can also appeal to potential new investors and partners.

How can my company comply?

The first step is to raise your own awareness as a leader and that of your staff. You can begin with reading about the law or going through its actual provisions, attending training sessions and webinars on compliance, and seeking guidance from experts in the field. Data protection doesn’t just require adherence to regulations on the organizational level, more importantly, it demands awareness among employees tasked with handling such data.

An easy approach to ensure your company's compliance, is to hire a legal expert in the field of personal data protection in order to guide you through the declaration and/or authorization process, assisting you in navigating all the legal complexities associated with non-compliance.

However, compliance isn’t a one step process, it has to be maintained periodically as your company grows. To ensure the consistency of your company's compliance, you can either hire a Data Protection specialist?on your team,?or conduct regular assessments with experts to maintain compliance and adherence with current legal standards.

This all might be a little overwhelming at first, but in all honesty, the Algerian government is putting a real effort in making all of this accessible for company's, whether big or small, to follow and adhere to. I recommend you can start by giving the ANPDP website a visit to get a better idea of the importance of compliance and to take a look at some of the new requirements of law N°18-07.

—

Thank you for getting this far and reading the article! If you're interested topics like data protection, GDPR and compliance then I would like to tell you that I intend to write on these topics and on Algerian law on a weekly basis (hopefully). So stay tuned for another article like this one next week, until then, keep your data safe!