Database Definition Document — Full Guide
The Database Definition Document is the foundational document required by Israel’s 2017 Security Regulations for every database at medium or high security level. It defines the database’s "identity": owners, responsible parties, purpose, data types, security level, vendors, and retention period. Without a valid document — the organization doesn’t meet 2017 regulations, and Amendment 13 also requires this information. Within DPO as a Service, the document is delivered alongside the related security procedure.
15 essential fields
| Field | Detail |
|---|---|
| Database name | Descriptive name + formal name as registered with Authority (if registered) |
| Database owner | Legal entity holding and maintaining the database (company, NGO, authority) |
| Database manager | Physical person directly bound to the owner — usually CEO / company manager |
| Information security manager | Person responsible for database security — usually CISO or IT Manager |
| Data Protection Officer (DPO) | If required under Amendment 13 — name, contact details |
| Database purpose | Why data is collected and used — specifically, not "business management" |
| Legal basis | Consent / contract / legal obligation / legitimate interest |
| Data types | Field details: name, ID, address, banking details, medical data, etc. |
| Data subject types | Employees, customers, vendors, volunteers, members, etc. |
| Data source | How data arrives — directly from person, vendor, government body |
| Record count | Estimate — important for determining security level |
| Security level | Basic / Medium / High — per 2017 regulations |
| Processed via | Systems, vendors, processors that touch the database |
| Retention period | How long data is retained, when deleted |
| Update date | Last document update date |
How to determine security level
Security level drives every technical and organizational requirement. 2017 regulations define three levels, with a "minimum" per data type classification.
| Data type | Min. security level |
|---|---|
| Basic data | Basic |
| Financial data | Medium |
| Medical data | High |
| Data on minors | High |
| Biometric data | High |
| Opinions & identity data | High |
Frequent questions about Database Definition Document
Difference between Database Definition Document and RoPA?
Which databases require a Database Definition Document?
How to determine security level?
Is there an Authority template?
Who signs the document?
Validity period?
What if we don’t have documents?
What if the database was registered with Authority years ago — does it need updating?
Need Database Definition Documents?
Data mapping service prepares all required documents — professional, organized, yours to keep.
Data mapping service