Question 1

Is a small municipality required to have a DPO?

Accepted Answer

Yes. Amendment 13 does not differentiate big from small. Every public body must appoint a DPO. One relief: a small regional council can appoint a shared DPO with another council, or participate in a cluster framework. "Doing nothing" is not an option.

Question 2

We have a CIO / internal auditor / general counsel — can we pile the role on them?

Accepted Answer

No, due to structural conflict of interest. The Authority’s 2025 guidance explicitly disallowed such combinations in authorities. CIO makes operational decisions DPO is supposed to oversee. Internal auditor has a different role. GC handles the entire organization and cannot provide independent privacy opinion.

Question 3

How do you choose a DPO for a local authority?

Accepted Answer

Via public tender, per Mandatory Tenders Law. Typical eligibility: 12-60 months privacy consulting experience, relevant education (law / IT / accounting), an Authority-approved DPO course, public sector experience, and professional liability insurance. See tender response support.

Question 4

How much does a DPO cost for a local authority?

Accepted Answer

In tenders we see — retainer ranges 4,000-14,000 ILS + VAT per month, depending on authority size, number of municipal corporations, and scope. Students Union tender set a cap of 5,000 ILS + VAT. Afula procurement saw bids in the 1,000-7,000 ILS range.

Question 5

What about municipal corporations (water, sewage, housing)?

Accepted Answer

Each municipal corporation is a separate legal entity, usually a public body in its own right. Requires separate DPO, or shared DPO with the authority covered by internal agreement. Most municipal corporations we see have missed this obligation.

Question 6

What about city CCTV / license plate recognition?

Accepted Answer

Public-space CCTV is processing at scale, and recognition systems (faces / plates) are automated decisions. Required: DPIA, public signage, defined and proportionate purpose, defined retention, security controls.

Question 7

Are there special requirements for an Authority DPO?

Accepted Answer

Yes. Per Authority guidance, an Authority DPO needs: (1) Approved DPO course; (2) 12+ months privacy experience in a public body; (3) Education in law / accounting / technology; (4) Conflict-of-interest declaration; (5) Professional liability insurance.

Database	Sensitivity	Note
Residents & voters	Basic-Medium	Name, ID, address, marital status, children, resident status
Property tax & collection	Medium	Properties, charges, payment plans, arrears
Welfare & social services	Special-sensitive	Family file, personal aid, domestic violence, children at risk
Municipal education	High	Schools, kindergartens, boarding schools. Data on minors, parents, assessments
Public health	Special-sensitive	Mother-and-child clinic, pregnancy counseling, public health monitoring
Planning & construction	Medium	Permits, objections, personal documents
City CCTV	Medium-High	Public-space cameras, license plate recognition, facial recognition
Municipal corporations	Varies	Water, sewage, housing — each separate database with separate DPO
Vendors and subcontractors	Medium	Contracts, vendor databases, procurement management
Municipal employees & elected officials	Medium	Employee files, salaries, pensioners, elected officials

Tender	Date	Type	Note
Ramat Gan Municipality 21/2026	Deadline 20.05.2026	Pure DPO	Public tender for Data Protection Officer services
Ganei Tikva Municipality 2/2026	Closed 30.04.2026	Combined CISO+DPO	Required dedicated professional staff + collaboration
Arraba Municipality 32/2025	Closed 25.12.2025	Pure DPO	Dedicated outsourced service
Sharon/Negev Clusters 6/25	Extended to 23-24.06.2025	Cluster framework	36 months, up to 5 winners, 4% management fee

DPO for Local Authorities
and municipal corporations.

10 typical municipal databases

Authority regulatory framework

Amendment 13 — public body

2017 Security Regulations

Freedom of Information Law

Spam law and Communications Law

State Comptroller requirements

Public DPO tenders

Municipal DPO tenders — recent examples

Frequent questions about DPO for local authorities

Is a small municipality required to have a DPO?

We have a CIO / internal auditor / general counsel — can we pile the role on them?

How do you choose a DPO for a local authority?

How much does a DPO cost for a local authority?

What about municipal corporations (water, sewage, housing)?

What about city CCTV / license plate recognition?

Are there special requirements for an Authority DPO?

Mayor, CIO, Treasurer — let's talk.

DPO for Local Authorities and municipal corporations.

10 typical municipal databases

Authority regulatory framework

Amendment 13 — public body

2017 Security Regulations

Freedom of Information Law

Spam law and Communications Law

State Comptroller requirements

Public DPO tenders

Municipal DPO tenders — recent examples

Frequent questions about DPO for local authorities

Is a small municipality required to have a DPO?

We have a CIO / internal auditor / general counsel — can we pile the role on them?

How do you choose a DPO for a local authority?

How much does a DPO cost for a local authority?

What about municipal corporations (water, sewage, housing)?

What about city CCTV / license plate recognition?

Are there special requirements for an Authority DPO?

Mayor, CIO, Treasurer — let's talk.

DPO for Local Authorities
and municipal corporations.