How to prepare for the law that will change digital privacy in Israel
3 mins read

How to prepare for the law that will change digital privacy in Israel

The passage of Amendment 13 to the Privacy Protection Law marks a turning point in the regulatory approach to digital privacy in Israel. The amendment, which was recently approved by the Knesset and is expected to enter into force in 2025, sets new and stricter standards for the protection of personal information and imposes significant penalties on violators. This is a comprehensive reform that will change the way organizations manage and secure personal information.

The consequences for Israeli companies are dramatic: financial fines of up to NIS 320,000 for a single violation, and the possibility of personal lawsuits of up to NIS 10,000 without proving damages. In addition to fines, the risks include reputational damage, loss of customer trust and even injunctions from the Privacy Protection Authority. The authority has been given extensive powers of supervision and enforcement, including the ability to carry out surprise audits and demand documents and information from organisations.

The perception of privacy in the digital arena will change (Credit: INGIMAGE)

The preparations for the new law require a systemic and comprehensive approach. First, organizations must conduct a thorough mapping of their data warehouses, including the identification of sensitive personal information, digital identifiers and biometric data. The mapping process shall include interviews with department heads, the use of structured questionnaires and the implementation of technical tools to automatically identify sensitive information.

At the same time, some organizations must appoint a Privacy Protection Officer with both legal and technical expertise, who will lead the implementation of an organizational culture that respects privacy. Their role also includes developing training programmes, managing risks and coordinating with the Privacy Protection Authority.

Updating security and privacy policies is another important step. This includes refreshing internal procedures, agreements with suppliers and public policy documents. At the same time, investments in advanced technical infrastructure are required to manage consent, identify personal information and protect against leaks. These systems must include advanced encryption capabilities, real-time anomaly monitoring, and mechanisms to prevent data leaks.

Employee training and implementation of security incident response programs are important components of preparation. It is recommended to develop a comprehensive training system and simulate emergency situations. The exercises should include simulations of data breaches, cyber attacks and scenarios where data subjects request to exercise their rights.

Cyber ​​Attack (Credit: INGIMAGE)

Outsourcing supplier management requires special attention. All suppliers must be mapped, periodic control surveys carried out and detailed data processing agreements arranged. It is also important to establish a steering group that will discuss security incidents and oversee the management of permissions and updates in systems, with full documentation of all decisions and actions.

The preparations for Amendment 13 are not only a legal obligation but also an opportunity to upgrade organizational processes and strengthen customer confidence. Organizations that manage to prepare in advance not only avoid sanctions but also gain a competitive advantage in the digital era. Despite the costs of preparation, the price of not preparing—both financially and reputationally—can be immeasurably high. The time to act is now.

The author is a partner and head of the Information Systems and Cyber ​​department at Fahn Kanne Management Control – GT ISRAEL.