SYSTRU TECHNOLOGY
GDPR · Privacy Law · DPO

DPO & Privacy

External Data Protection Officer — full compliance with Israeli Privacy Law and GDPR.

A professional Data Protection Officer embedded in your organisation: full coverage of Amendment 13, GDPR and CCPA — without paying for a full-time hire.

Up to 60% saving vs. an internal DPO
GDPR · Amendment 13 · CCPA · HIPAA
72h response to a privacy incident (as required)

What's included

External Data Protection Officer (DPO as a Service)
Israeli Privacy Law (Amendment 13) and GDPR compliance
Data mapping and regulatory filings
Privacy policies and internal procedures
Data subject request management
Regulatory audit preparation

Who is this for

Businesses, clinics, NGOs and institutions required to appoint a Data Protection Officer or comply with GDPR.

The challenge → the solution with SYSTRU

Without SYSTRU

  • Obligation to appoint a DPO under Amendment 13 — and no one to fill the seat
  • Fines of up to 4% of global turnover for GDPR non‑compliance
  • Data‑subject requests (DSR) with no orderly procedure
  • 72‑hour breach reporting — without a ready playbook

With SYSTRU

  • A qualified DPO embedded in your organisation — regulator‑recognised
  • Up to 60% saving vs. an in‑house DPO
  • Policies, procedures and a complete RoPA from day one
  • Privacy‑incident handling and regulator representation — no stress on you
Where SYSTRU comes in

Amendment 13 to the Israeli Privacy Law and GDPR changed the rules of the game: a mandatory DPO, 72‑hour incident reporting, fines of up to 4% of global turnover. Most organisations simply aren't built to take this on alone. SYSTRU steps in with a professional outsourced DPO who owns the full responsibility: data‑set mapping, policies, data‑subject request handling and representation before the regulators — at a fraction of the cost of a full‑time hire, with senior experience across many organisations.

Our areas of responsibility

01. Privacy documentation

  • Privacy policies and internal procedures
  • Records of Processing Activities (RoPA)
  • Data Processing Agreements (DPA) with vendors
  • Privacy notices, consents and cookie banners
02. Oversight, control & incidents

  • Data Protection Impact Assessments (DPIA) for new projects
  • Handling Data Subject Requests (DSR / SAR)
  • Privacy incident response and 72-hour regulator notification
  • Internal audits of processing activities
03. Training & representation

  • Privacy training for staff and management
  • Customer and regulator questionnaire responses
  • Representation before the Israeli PPA and EU DPAs
  • Regular reporting to executives and the board

How it works — a structured engagement

  1. Map processing

     Identify all data-processing touchpoints, build an initial RoPA and identify gaps against Amendment 13 and GDPR.

  2. Build policies & documents

     Privacy policy, internal procedures, vendor DPAs and data-subject notices.

  3. Establish controls

     Technical and organisational controls: data minimisation, encryption, access management, retention and deletion procedures.

  4. Training & ongoing service

     Staff training, request handling, customer/regulator representation, monthly management reports.

  5. Full compliance & audits

     Internal audits, privacy-incident simulations, external audit preparation and ISO 27701 certification readiness.

Pricing model

Tailored pricing

Monthly retainer scaled to organisation size and number of data sets. DPIAs, privacy assessments and incident representation are priced separately.

Measured outcomes

12h
Monthly hours in the basic retainer
72h
Regulator notification window for incidents
≤30 days
Response time to a data-subject request
100%
Coverage of data sets in the RoPA

Frequently asked questions

Do we have to appoint a DPO?

Under Israeli Privacy Law (Amendment 13), organisations holding medium/high-sensitivity databases must. Under GDPR — any organisation processing significant volumes of EU personal data must. We'll help you determine your obligation.

What's the difference between a DPO and a CISO?

A CISO owns technical information security. A DPO owns the legal and regulatory side of privacy — data subject rights, privacy-law compliance and database governance. The roles complement each other, and we provide both.

Is an outsourced DPO legally recognised?

Yes. Both GDPR and Israeli law allow an outsourced DPO. A formal service agreement, professional independence and full access to the organisation and regulators are required — we provide all of them.

What happens during a privacy incident?

Our DPO is available 24/7. Within 72 hours (as required by GDPR and Israeli law) we manage the assessment, regulator notification, notice to affected subjects and full documentation.

How long does it take to reach full compliance?

Typically 2–4 months for baseline compliance and 6–12 months for full institutional compliance. The timeline depends on the organisation's complexity, the number of data sets and the current baseline.

Interested in learning more?

Leave your details and one of our experts will get back to you within 24 hours.