Data Protection Policy

Sets out how the University meets its obligations under the Egyptian PDPL and equivalent international frameworks (UK GDPR for the partner programmes).

Owner:: Data Protection Officer
Effective:: 01 January 2026

1. Principles

Lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; accountability.

2. DPIAs

A Data Protection Impact Assessment is required for any new processing involving Restricted data, automated decision-making or large-scale monitoring (e.g. campus biometrics).

3. International Transfers

Transfers to the UK partner are covered by Standard Contractual Clauses. Transfers to MOHE rely on the legal obligation basis.

Questions about this policy? Contact dpo@bue.edu.eg for privacy matters or security@bue.edu.eg for security disclosures.