Law 18-07 Personal Data
Algeria
2018
Privacy
Overview
Key Obligations
- Obtain informed consent from individuals before collecting or processing their personal data
- Ensure data accuracy, confidentiality, and security
- Notify the national authority before processing sensitive or large-scale data
- Restrict cross-border data transfers to jurisdictions with adequate protection
- Appoint a Data Protection Officer (DPO) when handling sensitive data or large volumes
- Allow individuals to access, correct, or delete their personal data
- Maintain compliance documentation and data processing logs
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
One Touch KYC
Launch global KYC flows with built-in document OCR, liveness checks, deepfake detection, and AML, all through a single, customizable dashboard.
MENA API Marketplace
A comprehensive API marketplace for the Middle East and North Africa, offering localized verification and compliance solutions.
AML Screening
Screen users against Politically Exposed Persons (PEP), watchlists, sanctions lists, adverse media, and more through one-time screening and advanced monitoring.
Related Regulations
FAQ
Is Algeria's data protection authority active yet?
No. Although Law 18-07 mandates the creation of a national authority, it has not been operationalized due to the absence of secondary regulations.
Can Algerian companies transfer data abroad?
Yes, but only if the receiving country ensures an adequate level of data protection.
Is consent always required for data processing?
Yes. Consent must be clear, informed, and given voluntarily, except in cases where exemptions apply.
What penalties exist for non-compliance?
The law outlines administrative and criminal penalties, though enforcement mechanisms are limited until full regulatory infrastructure is established.