Have you defined all your databases? Appointed a data protection officer? Do you know what obligations apply to your databases?
On May 8, 2018 the new Privacy Protection (Information Security) Regulations enacted in 2017 will come into force. These new regulations are a sweeping overhaul for regulating all activity under Israeli jurisdiction pertaining to the processing of private information in both the public and private sectors.
Considering that database owners must meet other regulatory requirements and data security standards, the Privacy Protection Authority (PPA) has issued a database registrar directive on how these new regulations are to apply to ISO/IEC 27001-accredited organizations and others.
Also, on May 1, 2018 the PPA released key points of its policy with respect to severe security breach events. The policy allows gradual implementation procedure for reporting on severe security breach events. This policy clarifies reporting duties under the new regulations and removes uncertainty as to which cases require reporting and which do not.
It is obvious that the PPA has its eyes squarely focused on information security and is clearly working to boost database supervision to ensure that the vast information stored in various databases remains properly protected.
The new regulations align Israel with EU countries subject to the new EU regulation 2016/679 (General Data Protection Regulation), more commonly known as EU GDPR, which is set to come into force on May 25, 2018.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
