Under the Protection of Privacy Law, 5741-1981, within 30 days after a database containing data of special sensitivity exceeds a threshold of more than 100,000 individuals to whom the data relates (see: “What Constitutes Personal Data and Data of Special Sensitivity?”), the database controller must provide the Privacy Protection Authority (PPA) with the following details:
- The identity of the database controller;
- The address and contact details of the database controller;
- The identity and contact details of the privacy protection officer;
- If the appointment of the privacy protection officer is required under section 17B1 of the Protection of Privacy Law, 5741-1981;
- A copy of the database definitions document in accordance with provisions under the Protection of Privacy Regulations (Data Security) 5777-2017
Please note: The information provided in this content is for informational purposes only and does not constitute legal advice. It is not intended to create an attorney-client relationship. If you have any questions, please contact us at: [email protected]