Product news

Derivatives
  • CSAnalytics

    An in-depth guide to ISDA's collateral opinions

  • diligence

    Essential pre-trade information for OTC derivatives

  • diligence ISDA e-contracts

    Helps you assess electronic contract enforceability issues

  • DRVanalytics

    Detailed coverage of DRV netting opinions

  • EFETalytics

    Examines enforceability under EFET documentation

  • netalytics

    Practical analysis of ISDA's netting opinions

  • repoAnalytics

    Simplifies analysis of the GMRA legal opinions

  • Rulefinder G20

    High quality data supporting your OTC derivatives function

  • SLAnalytics

    Simplifies analysis of ISLA's securities lending opinions

Cross-border distribution

Private banking

Cross-border lending

Crypto

Shareholding disclosure

Data privacy

e-Signatures
Israel

Speed Read

Data Privacy - Israel

Complexity
Data Privacy - Israel

The full report, available to subscribers and those on a free trial, includes access to a detailed legal memorandum, Breach Response App, Horizon Scanning and Sanctions Tracking, Schrems II Toolkit and Territorial Scope View, all supported by daily monitoring and alerts.

Source date: 14th August 2025

Overview

Legal Framework

Relevant law: Protection of Privacy Law (amendments in force August 2025), DSR and Transfer Regulations

Regulator: Privacy Protection Authority (website)

Fines and Enforcement

Maximum possible fine: NIS 150,000 (c. $40,000 ) for individual major instances of non-compliance (cumulative system) and NIS 320,000 (c. $430,000) for certain security violations

Top fine to-date: NIS 400,000 (c. $117,000) in 2017

Compliance Overview 

Register with regulator: Not required. However, a Data Owner (controller) must register a Database with the PPA for approval in certain circumstances.

Appoint a DPO: Required where (i) the Controller is required to register its Database; (ii) the main activities involve regular and systematic monitoring; and (iii) the primary activity is processing Highly Sensitive Data on a significant scale.

Appoint a CISO: Required in certain circumstances, e.g. when an entity controls or holds five or more Databases that are subject to registration requirements.

Formal compliance programme: In order to comply with data privacy laws organisations must have appropriate documented plans, policies, processes and procedures.

Publish/provide privacy notice: Privacy information must be provided to individuals prior to the collection of their personal data into a Database.

Maintain records of activities: The Controller is required to maintain a document which includes a general description of the personal data collected and purposes behind the processing.

Conduct privacy assessment (DPIA): Not required. However, conducting a DPIA is generally considered a good practice.

Data security measures: Organisations must protect personal data from being exposed, used or copied without lawful permission. Specific security requirements apply, depending on level of risk assigned to a Database.

Key Risks and Considerations

1) Robust, established regime; compliance standards less onerous than GDPR although significant changes have been introduced in August 2025.
2)  Consent required, but implied consent generally acceptable.
3) Requirement to register personal data Databases with the PPA and assign a level of risk, which will determine the appropriate security measures to implement.
4) Severe Security Incidents must be notified to the PPA immediately.
5) Additional rules that apply to all data transferred from the EEA.

Find out how aosphere can help

Rulefinder Data Privacy is an easy-to-use online resource that provides practical analysis of data protection and privacy laws across key global markets. The analysis is simple to access online, easy to navigate and maintained by a dedicated team of senior lawyers.

Data Privacy - Free trial
Find out how aosphere can help