DPO DPO Israel
Open as Markdown
I live on a kibbutz. This service was written from the inside.

DPO for kibbutzim and cooperative societies in Israel
Amendment 13 without a generic template.

A kibbutz and a cooperative society are a privacy-heavy organization: members database, welfare, education, kibbutz clinic, CCTV, and corporate subsidiaries — all under one legal entity. Amendment 13 to the Privacy Protection Law makes this an urgent issue in 2026, and most kibbutzim have no organized response. A DPO for a kibbutz must know the structure from the inside — cooperative, renewing or hybrid — not from a corporate template.

Kibbutz community office with data mapping, binders and privacy planning
Where mistakes happen

A kibbutz is not “just another small business”

The uniqueness of a kibbutz is not only the number of databases. It is the fact that community, business, education, welfare and family life touch each other. That demands more delicate privacy governance than a standard company.

Many systems, no single owner

Member registry, education, clinic, accounting, community app and CCTV are each managed differently, with no single privacy picture.

Organizational legacy

Excel files, committee folders, absorption documents and old archives keep circulating after the official system has changed.

Committees and vendors

Committees receive sensitive data for decisions, while external vendors get access without DPAs, restricted permissions or deletion rules.

Internal community transfers

It is easy to forget that even “internal” sharing inside a kibbutz can be personal-data transfer requiring purpose, permission and documentation.

Databases

The 9 databases every kibbutz has — and their sensitivity

Without mapping there is no gap analysis, and without a gap analysis there is no real protection. These are the databases I map in every kibbutz when starting an Amendment 13 engagement.

Database Sensitivity
Kibbutz members Basic – Medium
Welfare High
Kibbutz clinic Special-sensitive
Education — kindergartens & school High
Branch employees Medium
Absorption High
CCTV Medium – High
Kibbutz corporations & factories Varies
Expansion / residential neighborhood Medium
What the DPO does

Deliverables for a kibbutz, beyond appointment

A kibbutz DPO should leave behind an operating system: who owns privacy, where the data is, who gets access, and what happens during an incident.

Data mapping by branches, committees, systems and vendors
Controller ownership and reporting line to management / board
Privacy incident playbook adapted to the kibbutz and its subsidiaries
Training for community managers, committees, education, welfare and clinic teams
Vendor, CCTV, community-app and permission review
Quarterly report with gaps, decisions, owners and timelines
Kibbutz structures

Amendment 13 across the three kibbutz models

Cooperative kibbutz (~12%)

Full sharing of assets and income. One central members database with the whole life picture: salary, welfare, health, community. Sensitivity is high, but centralization simplifies oversight — so Amendment 13 preparedness in a cooperative kibbutz is usually simpler.

Renewing kibbutz (~76%)

Each household is an economic unit. Databases are distributed, asset allocation, personal salary data, sometimes independent business activities. This is where most of the Amendment 13 pain lives — scale and complexity are high, and it is not enough for the secretary to "be in charge of privacy". A renewing-kibbutz DPO who deeply understands the structure is needed.

Hybrid (sazori) kibbutz (~12%)

A hybrid model — members choose between renewing and cooperative. Both structures run in parallel, adding a layer of complexity to database management and Amendment 13 implementation.

Brit Pikuach circular

Why Brit Pikuach circular 55/19 is no longer enough

In June 2019, Brit Pikuach published circular 55/19 on applying the Privacy Protection Law in kibbutzim. The circular charted a useful path for mapping databases and assigning security tiers under the 2017 regulations.

But — a regulatory earthquake has happened since. Amendment 13 for kibbutzim changes the picture entirely:

  • Amendment 13 took effect 14-Aug-2025 — a new statute with new duties.
  • A DPO obligation that did not exist in 2019.
  • Administrative monetary penalties from hundreds of thousands up to millions of shekels.
  • Personal criminal liability for decision-makers.
  • New PPA guidance documents (informed consent — 2026, DPO appointment — 2025).

A kibbutz that relies only on the 2019 baseline does not meet Amendment 13.

Action plan

Amendment 13 in a kibbutz — practical action plan

Typically 90–120 days from appointment to a clear picture and an initial implementation of a kibbutz DPO program.

01

Appointment & controller

DPO appointment document, controller identity (usually the kibbutz secretary or board chair).

02

Map the 9 databases

Members, welfare, clinic, education, employees, absorption, CCTV, corporations, expansion. Owner, vendors, fields.

03

Tailored gap analysis

Review against Amendment 13 and Information Security Regulations. Prioritized gap list.

04

Closing gaps & training

Procedures, permissions, vendor contracts, committee training, incident playbook and a culture of privacy.

Amendment 13 for kibbutzim — frequently asked questions

Does Amendment 13 apply to a kibbutz?
Yes. Amendment 13 applies to every Israeli entity that processes personal data, and a kibbutz is a cooperative society that processes personal data at scale — members, children, employees, clinic patients, welfare applicants. The question is not "does it apply?" but "to what intensity?".

Must a kibbutz appoint a Data Protection Officer?
A kibbutz is a cooperative society, not a public body, so the automatic DPO obligation does not apply. But if the kibbutz processes sensitive personal data on a large scale (members + welfare + health + education + minors) — which is almost always the case — it falls under the "large-scale processing of sensitive data" category that triggers the obligation to appoint a DPO. In a renewing kibbutz this is the rule, not the exception.

How does Amendment 13 differ between a renewing kibbutz and a cooperative kibbutz?
In a cooperative kibbutz, full sharing means one large central member database. In a renewing kibbutz (~76% of kibbutzim in Israel), each household is an economic unit — there are per-household databases, asset allocation, individual salary data, and sometimes independent business activities. That amplifies scale and complexity and makes a kibbutz DPO especially critical.

What about kibbutz corporations — factories, agriculture, subsidiaries?
A commercial entity owned by the kibbutz is a separate legal person. If it is a vendor to a public body, trades in data, or processes sensitive data at scale — it requires its own DPO. Most large kibbutz factories already qualify, even if the kibbutz itself does not.

Brit Pikuach audit circular 55/19 — is it still relevant?
Partially. The June 2019 circular charted a useful path for database mapping and security tiering. But it predates Amendment 13 — it does not mention the DPO obligation, the new monetary penalties, or the windows that have already passed. A kibbutz that relies only on the 2019 baseline does not meet Amendment 13.

Kibbutz CCTV — what does Amendment 13 say?
A camera in a kibbutz public space is a database. You need: visible signage, a defined and proportionate purpose, a matching security tier, and a retention and deletion policy. In a kibbutz it is especially sensitive because cameras also capture children who are not members (expansion residents, visitors) — which mandates a higher security tier.

Who in the kibbutz should be the Data Protection Officer? The secretary? The community manager?
Neither. Both the secretary and the community manager make business decisions that the DPO is supposed to oversee — an inherent conflict of interest. The Authority has been clear about this. The practical model for kibbutzim: an outsourced DPO who works with the committees and management but is not subordinate to them.

Kibbutz WhatsApp groups — direct marketing?
Depends on the content. Organizational announcements to members are internal communications. But trade groups ("for sale", "looking for") with auto-added members, or promotional broadcasts from kibbutz businesses, can fall under the direct-marketing rules. Amendment 13 for kibbutzim requires a content-by-content review.

How much does a DPO service for a kibbutz cost?
Depends on the kibbutz size, complexity (cooperative / renewing), number of corporate subsidiaries, and number of databases. Have a look at my tiers, or just talk to me.

Kibbutz secretaries, community managers, committee chairs — I speak your language.

Free 30-minute intro call. I’ll explain where the kibbutz stands against Amendment 13, and the first steps.

Book a call for your kibbutz