Algeria Law 18-07

Law No. 18-07 on the Protection of Individuals in the Processing of Personal Data (as amended by Law 25-11)

Flag of DZ
AlgeriaOpt-inNational
Back to Regulations Guide

Key Facts

Effective Date
August 10, 2023
Enacted
June 10, 2018
Enforcing Authority
Autorité Nationale de Protection des Données à caractère Personnel (ANPDP)
Consent Model
Opt-in
Applies To
All public and private entities processing personal data within Algeria

Overview

Algeria's data protection framework was significantly modernized by the 2025 amendment (Law 25-11), introducing DPO requirements and DPIA obligations. The ANPDP was formally established in 2023, enabling practical enforcement for the first time. Criminal penalties including up to 5 years imprisonment apply.

What This Means for Your Website

  • Consent is required for processing personal data of Algerian visitors
  • DPO appointment is now required under the 2025 amendment
  • DPIAs are mandatory for high-risk processing
  • Breach notification to ANPDP is required within 5 days
  • Criminal penalties include up to 5 years imprisonment
  • International transfer rules were clarified by the 2025 amendment

Key Requirements

The ANPDP enforces the law with fines of DZD 20,000-1,000,000 and imprisonment of 2 months to 5 years. The 2025 amendment expanded ANPDP powers and added modern requirements. Breach notification must occur within 5 days.

How ConsentStack Handles This

ConsentStack applies consent-based processing for Algerian visitors, supporting compliance with the modernized framework.

Penalties

DZD 20,000-1,000,000 fines. 2 months to 5 years imprisonment. Up to DZD 500,000 for non-compliance.

Maximum Fine
DZD1,000,000 per violation

Key Requirements

  • Consent required for personal data processing
  • DPO appointment required (2025 amendment)
  • DPIAs mandatory for high-risk processing
  • Detailed processing records must be maintained
  • Data breach notification to ANPDP within 5 days
  • International transfer rules clarified under 2025 amendment

Notable Provisions

  • 2025 amendment adds DPO, DPIA, and processing records
  • ANPDP formally established 2023
  • Criminal penalties including imprisonment
  • Expanded ANPDP oversight powers under amendment

Other Middle East & North Africa Regulations

KSA PDPLKingdom of Saudi Arabia
Saudi Arabia's first comprehensive data protection law, actively enforced by SDAIA with 48 decisions in its first year. Has the strictest cross-border data transfer restrictions in the Middle East. Consent is the primary legal basis, and the very active enforcement record signals high compliance risk for organizations.
UAE PDPLUnited Arab Emirates (federal, excluding DIFC and ADGM free zones)
The UAE's first federal data protection law, making consent the default legal basis for processing. The UAE operates a unique three-regime system where federal law, DIFC, and ADGM each have separate data protection frameworks. Executive Regulations are still pending, creating enforcement uncertainty around detailed implementation requirements.
Egypt PDPLEgypt
Egypt's first comprehensive data protection law, with Executive Regulations delayed five years before operationalization in November 2025. Requires explicit consent, PDPC licensing for certain processing, and criminal penalties including imprisonment. Cross-border transfers require PDPC licensing.
Israel PPL Amendment 13State of Israel
A sweeping reform of Israel's privacy law introducing GDPR-level enforcement capabilities, a private right of action without proof of harm, and extraterritorial scope. IP addresses, online identifiers, and geolocation data are explicitly included as personal data. The PPA's expected binding cookie guidance makes consent banners essential for Israeli users.
Bahrain PDPLKingdom of Bahrain
Bahrain's comprehensive data protection law with a notable prohibition on cookie walls. Consent obtained through forced or obligated browsing is explicitly void. Cookie walls or making website access conditional on cookie acceptance are prohibited, making genuine voluntary consent a strict requirement for CMP implementations.
Morocco Loi 09-08Morocco
Among the first data protection laws in Africa, modeled after the French Data Protection Act. The CNDP is an autonomous supervisory authority. All processing activities must be declared to the CNDP prior to implementation. The CNDP takes a graduated enforcement approach with warnings before fines or criminal referrals.

Frequently Asked Questions

What changed in Algeria's 2025 amendments?

Law 25-11 introduced DPO requirements, DPIA obligations, and processing records — bringing the framework closer to GDPR standards. ANPDP powers were also expanded.

When did Algeria's DPA become operational?

The ANPDP was formally established in 2023, making the law practically enforceable for the first time.

What are Algeria's penalties?

DZD 20,000-1,000,000 in fines plus 2 months to 5 years imprisonment for violations.

Stay compliant with Algeria Law 18-07

ConsentStack helps you implement Opt-in consent for Algeria automatically.

Get started free