Personal Data Transfers to Israel

Data Transfers, Israel, It’s probably common knowledge amount DPOs that the European Commission approved Israel’s status as a country that provides an adequate level of protection for personal data transferred from the EU – i.e. that has an adequacy decision.

The decision removes many significant substantive obstacles that companies previously needed to overcome in order to transfer personal data from the EU or the UK to Israel. In practical terms the decision will make it easier for EU and UK entities to engage Israeli service providers (for example, in the area of financial services or analysis, insurance services or health data processing), for international companies to share personal data with their Israeli headquarters or affiliates, and for Israeli companies to conduct business with the EU.

“Let’s say, ‘caveat’

Our consultancy team looked into this in more detail, and after discussing the matter with several departments within the ICO we discovered there is a, let’s say, ‘caveat’.

Regulatory bodies have taken the stance that Israel’s adequacy decision only applies to the state of Israel as recognised by international law. This means it does not apply to the Golan Heights, the West Bank (including East Jerusalem) or the Gaza Strip.  This will include significant cities that house many companies providing services to EU and UK clients. These include Gaza City, Hebron, Nablus, Rafah and Ramallah.

If personal data is transferred to Israel and then on to any of these areas, the second part of the transfer will require an additional safeguard and almost certainly a transfer risk assessment to comply with the GDPR.

We’re sharing these findings because what it means in practical terms is that if the personal data your company is responsible for is finding its way to these locations, and you haven’t done the extra work to validify the transfer, you could be found to have breached the law.

It’s the ‘what if’ situation… What if there was an issue and the regulator asked you to justify why you were sending personal data to a place where it may not have been secure?

If this affects you and your business, if you want to be compliant with the GDPR and build a structured data security management strategy, Ametros Group specialises in just that.

Do you need help with GDPR?

Remember that the GDPR wasn’t created to make it more difficult for you to run you business, or to be profitable, no one wants to make things harder than they have to be; you just need to make the right decisions for your business.

We represent and support hundreds of organisations as their independent external Data Protection Officer, and we’ll always happy to take on new clients.

About Ametros Group

Ametros Group is a multi-award winning data privacy outsourcing provider. The company helps organisations to comply with various data privacy laws including EU GDPR and the UK Data Protection Act 2018 through consultancy, compliance framework implementation, auditing, Data Protection Officer outsourcing and EU/UK Representative services. Established in 2015, our multi-award winning team of data privacy experts have worked with FTSE100, Fortune500 and SMEs to deliver data protection excellence around the globe.

Press Contact

Ametros Group

press@ametrosgroup.com