The Protection of Privacy Law, 5741-1981 requires that each database will be managed by a database manager. The database manager should be a natural person who is a senior employee of the owner or holder of the database and have the ability to operate independently. In addition, the database manager should be subject to a confidentiality obligation and bears personal liability for the security of the data in the database.
In October 2020, the Privacy Protection Authority published a draft recommendation for corporations on appointing a data protection officer (a position that is not mandatory under Israeli laws). The draft further includes a Privacy Protection Authority recommendation that in the appropriate circumstances, the same person will hold the database manager and DPO positions (See: “Do You Need to Appoint a Data Protection Officer (DPO)?”).
