Analysis and mapping of personal data processing in the context of compliance with law 18-07

Abstract

In a context where digital transformation is accelerating across Algerian enterprises, ensuring the protection of personal data has become a legal and strategic necessity. This thesis investigates how Algerian companies, specifically Cevital, can comply with Law No. 18-07 on the protection of personal data. In the context of increasing digitalization and regulatory complexity, the study addresses the need for structured data governance to ensure legal compliance and protect individual rights. The central research problem focuses on how Cevital can operationalize compliance through effective analysis and mapping of personal data processing activities. To answer this question, a mixed methodological approach was adopted, combining legal analysis, documentary research, semi-structured interviews with key personnel from Cevital’s HR and IT departments, and direct observation of compliance practices. The study draws on national legislation and international frameworks such as the GDPR and ISO/IEC 27701 to benchmark best practices. The findings reveal that while Law 18-07 provides a solid legal foundation, its effective implementation requires significant organizational efforts, including awareness campaigns, internal documentation, and the development of a privacy governance model. Cevital has begun to integrate these elements through a compliance initiative focused on risk mapping and stakeholder engagement. This research contributes both academically and practically by providing a framework for Algerian companies seeking to align with modern data protection standards. It highlights the strategic importance of personal data governance and the operational challenges of implementing regulatory compliance in the digital age.