# DPO Appointment Letter | Template, Required Clauses, Internal Publication > Practical guide to the Data Protection Officer (DPO) appointment letter under Amendment 13 to the Israeli Privacy Protection Law: required clauses, internal publication, signatories, and when to notify the Authority. Template + conflict-of-interest declaration + the eligibility requirements that recur in public tenders. **Canonical:** https://dpoisrael.com/en/learn/dpo-appointment-letter/ **Locale:** en-IL --- The **DPO appointment letter** is the document that formally declares a Data Protection Officer's appointment under **Amendment 13**. It is essential for every subsequent action: reporting to the Authority, audit documentation, Enterprise questionnaire response, and public tender response. This guide: the 8 required fields, who signs, how to publish internally, and when to notify the Authority. ## Appointment letter at a glance - **Purpose:** Formal appointment + documentation - **Legal basis:** Amendment 13 + 2017 Regulations - **Required fields:** 8 minimum - **Database owner signatory:** CEO / chair / secretary - **Internal publication:** Within 7 days - **Privacy policy distribution:** Immediate - **Conflict-of-interest declaration:** Separate signed document - **Included in DPO as a Service:** At standard cost ## 8 essential fields Each field needs to be present, accurate, and signed. The Authority will compare your letter against the database definition document and your professional liability policy. ![Signing a legal document with a fountain pen — attention to every detail](/photos/signature.jpg) | Field | Detail | | --- | --- | | Organization name and legal ID | Official name, business / company / NGO registration number, legal entity type | | DPO name and professional ID | Full name, ID number, relevant certifications (Authority-approved DPO course, attorney, etc.) | | Appointment start date | Formal start date. Retroactive appointment is not recommended | | Scope of authority | Explicit declaration of DPO authority under Amendment 13 — database access, management meetings, Authority representation | | Professional independence | Statement that the DPO will not receive instructions about the content of their work, and will not be professionally harmed for opinions given | | Direct management reporting | Explicit statement that the DPO reports directly to management — not via a middle manager | | Official contact details | Email, phone. These are the details sent to the Authority and published internally | | Database owner signature | Signature of CEO / chair / secretary — a senior figure in the organization | ## Who is notified, how, and when | Who | How | When | | --- | --- | --- | | All organization employees | Internal email + posting on intranet/notice board. Send documentation kept. | Within 7 days of appointment | | Israeli Privacy Authority | DPO details transferred to the Authority as part of database registration or future filings, if required | As needed — per Authority guidance | | Website privacy policy | Add DPO contact details to the public privacy policy | Immediately upon appointment | | Data subjects (customers / members) | The right to contact the DPO must be available in the privacy policy | Immediately | | Vendors with DPA | Update DPA addenda with new DPO contact as the point of contact | At next contract renewal | ## 5 required declarations in the addendum Conflict-of-interest declaration appended to the appointment letter. Recurs explicitly in public tenders and Authority requirements. | Declaration | Detail | | --- | --- | | Other role in the organization | The DPO does not make processing decisions they are meant to oversee (CEO, CIO, GC are disqualified) | | Family/personal ties to officers | Declaration that no family / personal relationship creates a conflict of interest | | Roles outside the organization | Other DPO appointments — if any, whether they create a conflict with work at this client | | Financial interests | No holdings in competitor / organization-vendor companies that could create a conflict | | Update commitment | Commitment to update the organization immediately if conflict-of-interest status changes | ## Frequent questions about the DPO appointment letter ### Is a written appointment letter mandatory? Yes. Amendment 13 requires an **orderly** appointment. An oral declaration will not satisfy the Authority during an audit, and will not satisfy anyone requesting DPO documentation. Recommendation — written document + signature + distribution documentation. ### Who signs? The database owner (typically CEO) or committee chair / kibbutz secretary in a municipality / kibbutz. The DPO also signs acceptance of the appointment + a separate conflict-of-interest declaration. ### When do you notify the Authority? Amendment 13 does not require automatic notice of every appointment. But on database registration with the Authority, during an audit, or during a security incident — DPO details are transferred. A 2025 Authority opinion suggested a direction of independent reporting in the future. ### What if the DPO is replaced? New appointment + new internal publication + privacy policy update + vendor update. Document the end date of the previous DPO. ### Do you have a template? Yes. We have a bilingual (Hebrew/English) appointment letter template meeting Amendment 13 + 2017 Regulations requirements. As part of [DPO as a Service](/en/services/dpo), the appointment letter is included in the standard cost. ### Difference between an appointment letter and a "database definition document"? Appointment letter = personal document about a person (the DPO). [Database definition document](/en/learn/database-definition-document) = document about a specific database. Both are required, but they are different things. ## Need a professional appointment letter template? As part of DPO as a Service — the appointment letter and all related documents are included. [Service details](/en/services/dpo)