Article written by Haim Ravia and Dotan Hammer
Following the draft paper published in October 2020, the Israeli Privacy Protection Authority published its final paper on the advisable appointment of Chief Privacy Officers (CPOs, sometimes referred to as Data Protection Officers – DPOs) in Israeli organizations. The paper explains that although Israeli law does not mandate the appointment of CPO/DPO (other than in one isolated instance related to the Bank of Israel), the authority views the voluntary appointment as a recommended best practice for organizations whose operations involve processing personal data.
The final paper generally follows the blueprint of the draft paper, with few changes. While the original draft stated that it is “desirable” for the CPO to have in-depth knowledge of data protection laws and a sufficient understanding in the field of information technologies and information security, the final paper states that these are pre-requisites for a CPO appointment.
The final paper also recommends that the CPO be involved in the organization’s data protection related matters from the outset, that it serve as the key liaison with the Privacy Protection Authority on all matters involving the regulator, and that the CPO need not be a member of senior management so long as they report to senior management.
CLICK HERE to read the Israeli regulator’s final recommendations on CPOs (in Hebrew).