The New Israeli Privacy Protection (Data Security) Regulations

One of the most major developments in data protection in Israel in the past year has been the publication of the Privacy Protection (Data Security) Regulations, in May 2017, which came into effect in May 2018.

The Regulations classify databases to four groups according to the level of risk created by the processing activity in the databases: high, medium, basic and databases controlled by individuals that grant access to no more than three authorised individuals.

The duties of the controllers are determined with accordance to the ‘level of risk’, which is defined by the data sensitivity, the number of data subjects and number of authorised access holders.

Just recently, the Israeli Privacy Protection Authority announced  the operation of enforcement efforts to examine the implementation of the new Regulations and their intention to examine over  150 different entities by the end of the year.

The head of thePrivacy Protection Authority, Alon Bachar, said in a statement that the goal is to supervise the level of data protection in bodies that manage a lot of sensitive personal information – customer clubs, medical institutes, bodies that provide information management platforms for minors, institutions of higher education, etc.