Derivatives
  • CSAnalytics

    An in-depth guide to ISDA's collateral opinions

  • diligence

    Essential pre-trade information for OTC derivatives

  • diligence ISDA e-contracts

    Helps you assess electronic contract enforceability issues

  • DRVanalytics

    Detailed coverage of DRV netting opinions

  • EFETalytics

    Examines enforceability under EFET documentation

  • netalytics

    Practical analysis of ISDA's netting opinions

  • repoAnalytics

    Simplifies analysis of the GMRA legal opinions

  • Rulefinder G20

    High quality data supporting your OTC derivatives function

  • SLAnalytics

    Simplifies analysis of ISLA's securities lending opinions

Cross-border distribution

Private banking

Cross-border lending

Crypto

Shareholding disclosure

Data privacy

e-Signatures
Israel

Speed Read

Data Privacy - Israel

Complexity
Data Privacy - Israel

The full report, available to subscribers and those on a free trial, includes access to a detailed legal memorandum, Breach Response App, Horizon Scanning and Sanctions Tracking, Schrems II Toolkit and Territorial Scope View, all supported by daily monitoring and alerts.

Source date: 12th August 2024

Overview

Legal Framework

Relevant law: Protection of Privacy Law (amendments in force August 2025), DSR and Transfer Regulations

Regulator: Privacy Protection Authority (website)

Fines and Enforcement

Maximum possible fine: ILS 5,000 (c. USD 1,400) per violation (and 5x this amount where infringer is a corporate entity).

Top fine to-date: ILS 320,000 (c. USD 86,000) in November 2022.

Compliance Overview 

Register with regulator: Not required. However, a Data Owner (controller) must register a Database with the PPA for approval in certain circumstances.

Appoint a DPO: Not required. However, the PPA considers that the voluntary appointment of a DPO is best practice.

Appoint a CISO: Certain entities (e.g. those that hold five or more Databases controlled by another entity, banks and insurance companies) must appoint a DPO.

Formal compliance programme: In order to comply with data privacy laws organisations must have appropriate documented plans, policies, processes and procedures.

Publish/provide privacy notice: Privacy information must be provided to individuals prior to the collection of their data into a Database.

Maintain records of activities: The Owner of a Database is required to maintain a document which includes a general description of Personal Data collected and purposes.

Conduct privacy assessment (DPIA): Not required. However, conducting a DPIA is generally a good practice.

Data security measures: Organisations must protect Data from being exposed, used or copied without lawful permission. Specific security requirements apply, depending on level of risk assigned to a Database.

Key Risks and Considerations

1) Robust, established regime; compliance standards less onerous than GDPR.
2)  Consent required, but implied consent generally acceptable.
3) Requirement to register personal data Databases with the PPA and assign a level of risk, which will determine the appropriate security measures to implement.
4) Severe security incidents must be notified to the PPA immediately.
5) Additional rules that apply to all data transferred from the EEA.

Find out how aosphere can help

Rulefinder Data Privacy is an easy-to-use online resource that provides practical analysis of data protection and privacy laws across key global markets. The analysis is simple to access online, easy to navigate and maintained by a dedicated team of senior lawyers.

Data Privacy - Free trial
Find out how aosphere can help