PDPL Compliance for Health-tech in Egypt

PDPL guide for Egyptian health-tech, telemedicine and clinic platforms. Sensitive health data, explicit consent, MoH alignment, cross-border telehealth.

Frequently asked questions

Is patient data really 'sensitive' under PDPL?

Yes. Article 12 lists health data, genetic data, and biometric data as sensitive — requiring explicit, granular consent and stricter security.

Can a patient ask for their full record?

Yes, within 6 working days. Plan for portable export — usually JSON or PDF — including consultations, prescriptions, lab results, and consents.

What about tele-consults with doctors abroad?

That's a cross-border transfer of sensitive data. You need a documented Article 14 basis, a DPA with the foreign provider, and explicit patient consent for the transfer.

Do we need a DPO?

Almost certainly. Health-tech 'processes sensitive data at scale,' which triggers the mandatory DPO under Article 8 of the Executive Regulations.

Are anonymised statistics still personal data?

If the anonymisation is robust (no realistic re-identification), no. If it's just removing the name while keeping date-of-birth, postcode and diagnosis, yes — that's still personal data.
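The difference between the two cases above can be measured. This is an added example, not part of the original guide: it uses k-anonymity as one common indicator of re-identification risk (an assumption; the guide does not name a metric), with constructed sample records and hypothetical field names.

```python
from collections import Counter

# Constructed sample export (not real patients): names already removed,
# but date of birth, postcode and diagnosis are kept.
RECORDS = [
    {"dob": "1984-03-12", "postcode": "11511", "diagnosis": "type 2 diabetes"},
    {"dob": "1984-03-12", "postcode": "11511", "diagnosis": "type 2 diabetes"},
    {"dob": "1990-07-01", "postcode": "21500", "diagnosis": "asthma"},
    {"dob": "1992-01-15", "postcode": "21611", "diagnosis": "asthma"},
    {"dob": "1975-11-23", "postcode": "11728", "diagnosis": "hypertension"},
    {"dob": "1975-02-02", "postcode": "11728", "diagnosis": "hypertension"},
]

# Fields that identify nobody alone but can single a person out in combination.
QUASI_IDENTIFIERS = ("dob", "postcode", "diagnosis")


def equivalence_classes(records, keys):
    """Count how many records share each combination of quasi-identifiers."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def k_anonymity(records, keys):
    """Smallest group size; k == 1 means at least one record is unique."""
    classes = equivalence_classes(records, keys)
    return min(classes.values()) if classes else 0


def unique_rows(records, keys):
    """Records whose quasi-identifier combination appears exactly once."""
    classes = equivalence_classes(records, keys)
    return [r for r in records if classes[tuple(r[k] for k in keys)] == 1]


def generalise(record):
    """Coarsen a record: DOB to birth decade, postcode to its first two digits."""
    decade = int(record["dob"][:4]) // 10 * 10
    return {
        "dob": f"{decade}s",
        "postcode": record["postcode"][:2] + "***",
        "diagnosis": record["diagnosis"],
    }


if __name__ == "__main__":
    print("k before:", k_anonymity(RECORDS, QUASI_IDENTIFIERS))
    print("unique rows:", len(unique_rows(RECORDS, QUASI_IDENTIFIERS)))
    coarse = [generalise(r) for r in RECORDS]
    print("k after generalising:", k_anonymity(coarse, QUASI_IDENTIFIERS))
```

A result of k = 1 means the name-stripped export still singles out individuals. A higher k after generalisation lowers that risk but does not by itself establish that the data is anonymous.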
