Israel’s Cyber Security Lessons for GDPR - Café Datenschutz-Interview with Dan Or-Hof

In the framework of the Strand Alliance partnership, we welcome Dan Or-Hof, founder of Orhof Law and Clear Path, to Munich to discuss the latest developments in Israeli privacy law.

Dan Or-Hof explains the major reform of Israel's Protection of Privacy Law (PPL) – known as Amendment 13*, which was enacted in mid-August. This amendment introduces substantial changes, including the *redefining of basic definitions (such as personal data and sensitive personal information) and the *mandatory appointment of Data Protection Officers (DPOs)*.

Key Aspects of the Reform:

Mandatory DPO: Requirements are very similar to those under the GDPR (e.g., if processing sensitive information on a large scale or conducting systematic monitoring). Notably, data brokers and all public bodies (government ministries, municipalities) must also appoint a DPO.
Increased Enforcement: The Israeli Protection of Privacy Authority (PPA) is now granted significant enforcement powers, including the ability to impose very hefty fines.
Cyber Security Focus: Unlike the GDPR, there is a strong emphasis on *information security*. DPOs are required to create an oversight plan and oversee the cyber security function of the organization.
ISO 27001 Synergy: Data security regulations in Israel, which apply universally, are closely aligned with standards like ISO 27001*. Companies that are ISO 27001 certified are *presumed to be compliant with a large degree of the Israeli data security regulations.
Legal Basis: Lawful grounds for processing remain strict. Without statutory authorization, *informed and freely given consent* is generally required, mirroring the strict interpretation by the ECJ under the GDPR.

Dan Or-Hof highlights the synergy between privacy, cyber security, and AI governance*. He also introduces *Clear Path*, a company that follows this holistic approach, offering clients a *one-stop-shop, end-to-end service in data governance (including DPO services, incident response, and AI compliance).

Referent: Dr. Sebastian Kraska, IITR Datenschutz GmbH, https://www.iitr.de
Gast: Dan Or-Hof, Or-Hof Law, https://or-hof.com/ & https://strandalliance.com/

Sections for quicker navigation:
00:00 Welcome & Introduction of Dan Or-Hof
01:08 The Major Reform: PPL Amendment 13 (Protection of Privacy)
01:30 Key Changes: Definitions, Mandatory DPOs & Enforcement Powers
02:30 Privacy at the Constitutional Level in Israel
02:59 The PPL: An Early Omnibus Law and the Need for Update
03:36 Mandatory DPOs:* Who needs to appoint a DPO?
04:33 DPO Tasks: Oversight Plan and Strong Cyber Security Focus
05:54 Privacy Regulations and the Role of the Justice Department
06:49 Information Security and ISO 27001 Synergy
08:59 Lessons for GDPR: Does Europe Need More Cyber Security Focus?
10:42 Legal Basis: Critique of the Strict Consent Approach
12:42 Holistic Approach: Synergy of Privacy, Cyber Security, and AI
13:43 Clear Path: End-to-End Data Governance Services
15:26 Conclusion and Farewell