DPO DPO Israel
Open as Markdown

DPO for Nonprofits
and NGOs.

Social NGOs, friends-of organizations, charities and social institutions manage donor, volunteer, beneficiary, and direct-mail databases — sometimes at very large scale. Amendment 13 + Spam Law + Registrar of Associations reporting = a complex framework. Outsourced DPO for NGO, with pricing tiers tailored to nonprofit budgets.

Databases

8 typical NGO databases

DatabaseDetails
Active donors Contact details, donation history, marital status (for family mailing), preferences
Prospect donors Prospects database, list purchases, event leads
Volunteers Details, police clearance (when relevant), hours, specialties
Beneficiaries & clients Families in distress, Holocaust survivors, people with disabilities — sometimes special-sensitive data
Program participants Workshop / camp / enrichment program registration
Direct mailing Mailing lists, consent and unsubscribe management
Employees & activists Employee files, salaries (for paid-staff nonprofits)
Events & registrations Fundraising event registration, thank-you events, vendors
Challenges

Six issues unique to NGOs

Direct mail at scale

NGO sending newsletter to 50,000 subscribers, multi-year fundraising appeals. Spam Law, Communications Law + Amendment 13 — complex combination.

Data on families in distress

Aid NGOs (Aksen, Pitchon Lev, Latet) manage beneficiary databases with special-sensitive data. High security level + careful handling procedures.

CRM with donation companies

NGO CRM — Salesforce, NeonOne, Plotis — contains detailed donation history. Requires DPA + Transfer Impact Assessment for US vendor.

Volunteers working with databases

Volunteer working from home with a phone database — got access to beneficiary list. Requires confidentiality agreement, training, and controls.

Dual regulatory reporting

Registrar of Associations + Companies Authority (for benefit corp) + Tax Authority — each requires reporting. Sometimes DPO is part of annual report.

Fundraising, grants, and foundations

Application to a foundation or major donor requires compliance check. Including DPO proof and Privacy program. More international donors require this.

Who must

Which NGO must have a DPO?

Small NGO

<100,000 ILS annual revenue

Usually not required

No significant sensitive data, no large-scale mailing, no public-body sharing — usually exempt. Still recommended: internal privacy policy.

Mid-size NGO

100,000-2,000,000 ILS

Check

Depends on type: welfare NGO with beneficiary databases = required. Cultural NGO with subscriber list = usually not. Personal consultation needed.

Large NGO

2,000,000-10,000,000 ILS

Yes, required

Usually has a large CRM, donor list, volunteer activity, and sometimes beneficiaries. All trigger scale.

Very large NGO / charity

>10,000,000 ILS

Yes, required + complexity

Complex management systems, branches, sharing with international vendors. Requires full GRC or DPO + GRC Lite.

Frequent questions from nonprofits & NGOs

Small NGO — required to have DPO?
Depends on scale and data type. NGO with 200 members and no sensitive data — usually not. NGO with 10,000 donors, active mailing list, and volunteer database — usually yes. Tip: Even NGOs that aren’t required increasingly get DPO requests from foundations, funders, and ministries.

What about direct mail?
Spam Law requires explicit consent before sending promotional mail. NGO sending donation request — falls under the section. Required: clear opt-in, unsubscribe option in every message, consent documentation. Amendment 13 adds another layer of obligations.

NGO CRM — requires DPA?
Yes. Every SaaS vendor processing data on donors, volunteers, or beneficiaries requires a DPA addendum. Popular CRMs (Salesforce, ClickPro, Netvision) offer their own standard DPA — usually sufficient to sign.

Do you have NGO-friendly pricing?
Yes. NGO retainer is usually lower than commercial market. Mid NGO — 4,000-7,000 ILS/month. Large NGO — 7,500-13,000 ILS/month. Very large NGO / charity — 13,000+ ILS. We also work pro-bono with one or two NGOs per year — send us an inquiry.

What about volunteers working from home?
Required: signed confidentiality agreement, basic training, controlled access (not sending an Excel file with 50,000 rows — but role-based system access), and monitoring. If volunteer won’t agree to terms — cannot work with the database. Not hard — just need to build.

What about international foundations requiring compliance?
More US, European, and Australian foundations require grant-receiving organizations to show active Privacy Program, DPO, and GDPR compliance if relevant. We help build the report that meets the requirement.

Do you have NGO experience?
Yes. We work with social NGOs, friends-of organizations, and charities in diverse fields. We know the Registrar of Associations reporting cycle, and the special needs of donation and volunteer databases.

NGO directors, CEOs, board chairs — let's talk.

30-minute call, adapted to NGO type and pricing tier.

Book a call