Service

Privacy Protection Law & Amendment 13 —
Managing personal data responsibly.

Amendment 13 requires businesses to take personal data management, privacy and information security seriously. The goal isn't just to meet legal requirements — it's to reduce exposure and manage data responsibly.

Book a discovery call What's included

The rules changed. The penalties got real.

Amendment 13 to the Privacy Protection Law is the most significant update in 20 years. New obligations: appoint a Privacy Protection Officer (independent from IT/security), mandatory breach notifications to the PPA, expanded data subject rights, severe penalties (up to ₪3.2M per violation). Most SMBs aren't ready.

15+ years of overseeing regulatory compliance — financial sector directives, government data protection, national identity systems. The frameworks behind Amendment 13 aren't theoretical to us; they're what our team has been working with day to day.

Full Amendment 13 readiness.

  • Privacy law compliance assessment against Amendment 13 requirements
  • DPO (Data Protection Officer) appointment recommendation (in-house or outsourced)
  • Data flow mapping — where PII lives, who has access, retention periods
  • Privacy notices update — website, app, internal documentation
  • Breach notification runbook with PPA reporting templates
  • Data Subject Request handling procedure
  • Annual review & update support — scope and cadence defined per engagement

4-8 weeks, depending on scope.

01

Gap analysis

Current state vs. Amendment 13 requirements. Where you're already compliant, where you're not.

02

DPO decision

Should you appoint internally or outsource? We recommend based on your size and complexity.

03

Implementation

Policies, procedures, technical controls, training. We build it; you operate it.

04

Validation & handoff

Final review, breach drill, documentation package.

Do I need a DPO (Data Protection Officer)?

If your business meets certain thresholds (size, data volume, sensitivity), yes. We assess this during the engagement.

Can you serve as my DPO?

No, but we can help you recruit a DPO and/or provide it as a managed retainer service through us.

What's the deadline?

The law is already in effect (since August 2025). Enforcement is ramping up — the PPA has signaled active investigation of non-compliant organizations.

What about GDPR?

Amendment 13 brings Israeli law much closer to GDPR. If you're already GDPR-compliant, you're 70-80% of the way there. We bridge the remaining gap.

Ready to talk?

A 30-minute discovery call. Free, no commitment.

Book a discovery call