Recently (2017), the Protection of Privacy Regulations (Information Security) entered into effect. The Regulations determine which types of databases require protection and detail the rules that apply to them. They define the steps that the database owner must take in order to protect the database and prevent a breach of the privacy of the subjects of the information. Companies that maintain databases must define the layers of protection required for the databases, define information security policy documents, prepare scenarios, identify information security risks, and plan how to cope with existing threats to the databases.
Concurrently, the European General Data Protection Regulation (GDPR) entered into effect in May 2018. GDPR sets rules for the protection and security of databases containing information on citizens living in countries that are part of the European Union.
To help companies and businesses deal with the issue and find an accurate solution, we have set up a multidisciplinary team that includes a lawyer and information security experts.
The consultancy process includes the following phases:
The purpose of the evaluation is to examine the extent to which the organization is exposed to the data protection requirements and to provide preliminary information on how to deal with the issue.
This includes, inter alia, the following topics:
We will work with you to formulate a solution based on the results of the assessment.
This will include the following topics:
According to a clarification document sent by the Ministry of Justice/Privacy Protection Authority (see Registrar of Databases Directive No. 03-2018), an ISO 27001 certified organization complies with most of the provisions of the Israeli Protection of Privacy Regulations. In addition, compliance with the standard means that the organization complies with part of the GDPR requirements.
B. Carrying out technological risk assessment surveys with an emphasis on privacy protection
The assessment addresses the requirements of GDPR and privacy protection regulations for identifying threats and risks and determines ways of dealing with the risks identified in the survey.
C. Carrying out a penetration test
Companies that maintain databases with a high / medium classification are required to carry out penetration testing every 18 months.
D. Providing a legal opinion regarding the degree of compliance with the Protection of Privacy Regulations and GDPR
As needed – a legal opinion can be obtained from an attorney specializing in the field.