Algeria Law 18-07

Law 18-07 on the Protection of Individuals in the Processing of Personal Data

Algeria's data protection law with mandatory DPO requirement added by 2025 amendment and 5-day breach notification.

Jurisdiction

Algeria

Enacted

Jun 10, 2018

Effective

Aug 1, 2023

Enforcement

Autorité Nationale de Protection des Données à Caractère Personnel (ANPDP)

DPO mandatory under 2025 amendment

Journal Officiel Algeria

Why It Matters

Algeria's 5-day breach notification (vs GDPR's 72 hours) creates strict incident response timeline for AI chatbot security incidents.

Recent Developments

2025 amendment made DPO mandatory for all data controllers

At a Glance

Applies to

AI CompanionMental Health AppGeneral Chatbot

Requires

Transparency User Rights

Who Must Comply

Data controllers and processors in Algeria
Entities processing data of Algerian residents
Cross-border data transfers from Algeria

Obligations fall on:

Safety Provisions

Data Protection Officer mandatory (2025 amendment)
5-day breach notification to ANPDP
Data controller registration required
Security measures for personal data
Cross-border transfer restrictions

Compliance & Enforcement

Penalties

criminal liability

Criminal liability

Primary Source

Journal Officiel Algeria

https://www.joradp.dz/FTP/jo-francais/2018/F2018034.pdf

View on map

Algeria

Focus Areas

General regulation

Cite This

APA

Algeria. (2018). Law 18-07 on the Protection of Individuals in the Processing of Personal Data.

Related Regulations

In Effect ZM

Zambia DPA

Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.

In Effect BW

Botswana DPA

Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.

In Effect SC

Seychelles DPA

Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.

In Effect RW

First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.

Proposed KE

Kenya AI Bill

First comprehensive AI bill in Sub-Saharan Africa. Proposes creation of AI Commissioner, AI Authority, and Advisory Committee. Establishes risk-based regulatory model aligned with EU AI Act framework, criminalizes harmful deepfakes, and mandates AI content labeling.

Enacted US-MD

MD HB 895

First US state law to outright ban surveillance-based personalized pricing in food retail and third-party delivery, prohibiting use of protected class data and dynamic pricing tied to consumer personal data with limited exceptions for cost-based pricing, loyalty programs, and explicit consent.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.