Privacy Protection Law

Share

The Privacy Protection Law - Why it's important to be protected, prepared, and ready?

Today, almost every business maintains a digital database that includes a lot of data about its customers, suppliers, and employees, and the legislator has set conditions for maintaining the privacy of the information stored in it.

The Privacy Protection Authority published a document stating that even a database storing email addresses alongside only their owners" names must be reported. Is this a logical requirement due to concerns about privacy violations?

The data contained in this type of database can compromise the privacy of the individuals included in it. For example, if the domain name of an email address indicates a person's workplace, their affiliation with a particular political organization, or in exceptional cases, even their sexual orientation, this can provide very personal data, thus raising concerns about privacy violations.

In May 2018, the Protection of Privacy (Information Security) Regulations came into effect, which apply to any entity in Israel, and the European Union's GDPR legislation, which applies to any organization holding and processing information on EU citizens and residents, regardless of the organization's location.

The Privacy Protection Authority will begin operating a new system that will conduct audits in several bodies holding a large amount of personal information. Serious violations of the law may lead to the initiation of administrative or criminal enforcement proceedings, according to the Authority's authority and discretion.

The dangers involved in this offense:
Damage to reputation and customer churn
Loss of market and customers due to the requirement to present legal compliance as a condition for business engagement
Damage claims and class action lawsuits

And from the Europeans' side:
Fines of up to 4% of turnover or 20 million euros—whichever is higher!

At Brazili Firm, we offer you a wide range of privacy protection services including:

  • Analysis and mapping of organizational processes to identify sensitive data and processes – Data Protection Impact Assessment
  • Mapping and classifying the organization's databases to define the required level of protection.
  • Preparing a gap analysis report between the current situation and regulatory requirements.
  • Preparing a detailed action plan to address gaps.
  • Update and write necessary procedures, such as a data breach incident reporting procedure.
  • Preparation and delivery of training sessions.
  • Providing recommendations to the legal department regarding changes and additions required in the engagement agreements.

And also additional services:

  • Performing an information security survey
  • Penetration testing
  • Review of the organization's preparedness for regulatory compliance
  • Consulting and ongoing organizational support

Let's talk about your goals.

This site uses cookies to improve your browsing experience, provide recommendations, and for statistics. Privacy Policy