The protection of personal data of clients during COVID-19

The protection of personal data of clients during COVID-19

The protection of personal data of clients during COVID-19.

Due to the situation of COVID-19, many employees are teleworking, and using their personal computers, Home computers and personal/ public Wi-Fi.

In this case, companies cannot provide the proper security needed, this may lead to the exposure of personal confidential information of employees and clients to unauthorized people.

This can hold the liability of the company and the responsible can be faced with both imprisonment and a fine.Thus, companies have an obligation to respect the right of employee’s and client’s confidentiality and to protect all personal data.

What is the responsibility of companies regarding personal Data of clients?

Algerian public and private companies must do everything in their power to preserve confidentiality and ensure the security of their client’s data.

Law No. 18-07, relating to the protection of personal data of natural persons,provides that processing of personal data must be done in the context of respect for the person’s honour and their reputation.

Also, according to the article 38, the company should protect personal data against accidental destruction, alteration, breach of professional secrecy, dissemination of unauthorized access, especially when transmission takes place in unprotected network.

The above-mentioned law has set sanctions for the none-protection of personal data. According to article 60 of law 18-07, whoever gives access to unauthorized people to personal data is punished by imprisonment for two (2) years to five (5) years and a fine of 200,000 DA to 500,000 DA.

Therefore, the company should protect personal data of clients against any violations coming from its employees, or third parties, who have access to such information, especially with the situation of teleworking.

How can companies ensure the security of the personal data of its employees and customers?

A solid data protection strategy is a key, in this time, to keep client’s trust.

When accompanied by effective governance and supported by the effective implementation of technical controls, this will allow companies not only to minimize the risk of data leaks, but also to establish effective teleworking pattern, and by extension data protection.

Thus, Companies must set an urgent COVID-19 technical plan for keeping personal information.

Such as, limit the amount of data processed; Restrict access to sensitive data only to designated persons.

Provide protected network for the company’s employees, with the help of a professional IT engineer.

Provide the employees who are in direct contact with the personal data with well protected equipments (Computers, Phones, printers…).

Designate a person responsible for the protection of the personal data in the company.

The company should obtain the written approval of the person concerned before any processing of personal data; the said approval needs to be implemented by the proper legal procedures.

However, for these suggestions to achieve compliance, it is imperative to materialize them with the appropriate legal instruments as defined by Algerian regulations.

Otherwise, the company and its managers can be exposed.

Although, teleworking provides an appreciable advantage, the latter can jeopardize the leakage of employee’s and client’s personal information which is punished by heavy penalties.

Navigating the impact of Covid-19 on your Business

The decisions you make today could be scrutinized for years to come BOOK YOUR FREE CONFCALL NOW to understand your overall risk position




How a company can enjoy lawfully the exploitation of VPN in Algeria?

The VPN or Virtual Private Network is a type of computer network that allows the creation of direct links between remote computers, the connection between computers is managed by VPN software, creating a tunnel between them.

In fact, any user of the VPN without complying with the procedures and conditions stipulated as per the Algerian law is prohibited since the encryption software by which we can connect to the VPN is considered as sensitive equipment. Also, the encryption software must be subject to a declaration at ARPCE level otherwise the company will undergo the cut of the VPN and even other very severe sanctions will be applicable on it. Thus, with the experience acquired in this field, Fares Group is able to support companies in the procedures for the deposit until the authorization for use is obtained from the ARPCE;

First of all, it is of essence to note that encryption software is specifically mentioned in the list of sensitive goods as per the Decree 09-410. Thus, its exploitation is subject to a prior authorization of the competent authority, which is the ARPCE (Autorité de Régulation de la Poste et des Telecommunications) after favorable opinion from the services of the Ministry of Defense and the Ministry of the Interior.

The Decision n.17/SP/PC/ARPT of the 11/06/2012 provides for the duty to deposit the password of encrypting software before the competent authority. Such provision targets any holder of an authorization of exploitation of equipment/software of encryption.

The authorization to operate VPN software consists in an administrative and a technical file, therefore, the concerned must provide before the ARPCE all the documents required such as, the type and nature of the data that will be used by the software that is the subject of the authorization request, the type of VPN used and the Public IP address. Any missing document will delay the process to obtain the authorization.

Furthermore, as mentioned above, the exploitation of the VPN without the conditions aforementioned constitutes as a violation of the laws and regulations in force. Considering that lately some companies have suffered from a cut in the VPN and without notice due to the non-compliance with the conditions stipulated which has put these companies in very burdensome circumstances.

The Algerian law provides for administrative and criminal sanctions in case of detention or exploitation of a VPN without a prior authorization.


Therefore, it is mandatory to obtain the authorization of exploitation of the software before any exploitation of VPN, and proceed with the deposit of its password before the competent public authority (ARPCE).


" Doing business in Algeria 2019"

Provide you with an overview of the applicable legal framework in Algeria for international business transactions

Ouvrir chat
Need help ?
Hello 👋
How can we help you?