Pr-Hof Law

A Leading Technology, Data Protection & Cyber Law Firm

Are there Rules for Engaging Outsourcing Services?

Engaging outsourcing services for the processing of personal data is governed by section 15 of the Protection of P Regulations (Data Security) 5777-2017 and the Privacy Protection Authority Guidelines 2/2011 on the Use of Outsourcing Services of Processing Personal Information. 

The regulations and Privacy Protection Authority guidelines provide instructions to database owners and managers when engaging in data processing outsourcing services. Database owners should (i) perform risk assessments prior to engagement; (ii) engage the outsourcing service provider under a written agreement carrying specific statutory requirements; (iii) require from the service provider a set of pre-defined written minimum mandatory security requirements; and (iv) take measures (e.g., audits) for controlling and monitoring the outsourcing service provider’s compliance with its obligations under the agreement and the regulations.