# Privacy, DPO & GRC Services for Israeli Organizations

> Full envelope of privacy services in Israel: DPO as a Service, Amendment 13 gap analysis, data mapping (RoPA), DPIA, vendor privacy & DPA, incident response, integrated GRC + Privacy (ISO 27001/27701), and public tender response. For municipalities, SaaS, healthcare, finance, education, nonprofits and kibbutzim.

**Canonical:** https://dpoisrael.com/en/services/  
**Locale:** en-IL

---
One roof.

**Full envelope** of DPO, Privacy, GRC and InfoSec services for Israeli organizations after **Amendment 13**. The core is **DPO as a Service** — formal appointment under personal accountability. Around it: gap analysis, mapping, DPIA, vendor privacy, incident response, integrated GRC, and public tender response. Buy the full bundle, or just a single service.

[Book an intro call](/en/contact) [Free check: do you need a DPO?](/en/tool/quiz/needs-dpo)

## Eight services in one place

[

### DPO as a Service

Formal appointment of an outsourced Data Protection Officer. Single contact for the Authority, management, staff, and vendors.

](/en/services/dpo)[

### Amendment 13 gap analysis

Structured review against Amendment 13 and the 2017 Security Regulations. Prioritized gap report + 90-day action plan.

](/en/services/gap-analysis)[

### Data mapping (RoPA)

Discovery and documentation of every personal-data asset — systems, fields, purposes, subjects, sensitivity, vendors.

](/en/services/data-mapping)[

### DPIA — impact assessment

Data Protection Impact Assessment for new projects, AI systems, sensitive processing or third-party data sharing.

](/en/services/dpia)[

### Vendor privacy & DPA

Vendor privacy questionnaires, DPAs (HE/EN), Transfer Impact Assessments, and contract lifecycle tracking.

](/en/services/vendor-privacy)[

### Incident response

Breach / ransomware / human error. 72-hour Authority report, data-subject communications, post-mortem.

](/en/services/incident-response)[

### GRC + Privacy combined

Integrated Governance, Risk & Compliance: ISO 27001/27701, risk assessments, controls, audits, SOC 2 readiness.

](/en/services/grc-privacy)[

### Public tender response

Professional response for public DPO tenders: documents, CVs, proposed team, SLA, conflict declarations, certifications.

](/en/services/public-tenders)

## DPO as a Service tiers

Three retainer tiers. Prices are a starting point — not a closed box. Final pricing depends on scope, sector, and number of databases. Written quote within 48 hours after the call.

### DPO Basic

Nonprofits, small businesses, small entities

4,500-6,500 ILS / month

-   ✓Formal appointment
-   ✓Basic mapping up to 3 databases
-   ✓Short-form gap analysis
-   ✓Baseline policies
-   ✓On-call incident response

[Get a quote](/en/contact)

Most popular

### DPO Public

Municipalities, mid-size companies

8,500-14,000 ILS / month

-   ✓Everything in Basic
-   ✓Full mapping of all databases
-   ✓Annual work plan
-   ✓Staff & committee training
-   ✓Quarterly & annual reporting
-   ✓SLA tracking

[Get a quote](/en/contact)

### DPO + GRC Lite

Public tenders, healthcare, fintech, SaaS

15,000-28,000 ILS / month

-   ✓Everything in Public
-   ✓Part-time CISO/GRC days
-   ✓Risk assessments
-   ✓ISO 27001/27701 readiness
-   ✓Vendor questionnaire management
-   ✓Enterprise customer support

[Get a quote](/en/contact)

## Not committing to retainer? Buy a project.

| Service | Price range | Description |
| --- | --- | --- |
| Gap Sprint (90-day quick-start) | 18,000-45,000 ILS | Gap Assessment + mapping + 90-day remediation plan. Entry product before retainer. |
| DPIA / PIA project | 6,000-15,000 ILS / assessment | Workshop, template, risk matrix, recommendations. Ideal for AI and new processing systems. |
| Vendor Privacy Pack | 3,500-9,000 ILS / vendor batch | Vendor survey, privacy questionnaires, DPA, Transfer Review. Great for SaaS and fintech. |
| Incident Privacy Support | 450-850 ILS/hr or 8,000-25,000 ILS / incident | Breach, exposure, cyber, human error. Triage, regulation, communications, lessons learned. |
| Public DPO tender response | 6,000-18,000 ILS / tender | Professional reading, response document, conflict declarations, CV and SLA. Tailored to tender requirements. |

## Services — frequent questions

### What is the difference between DPO as a Service and the GRC + Privacy package?

**DPO as a Service** focuses on the specific DPO obligations under Amendment 13: appointment, Authority response, management advice, staff training, ongoing privacy oversight. **GRC + Privacy** expands to the full Governance/Risk/Compliance framework: ISO 27001/27701, technical risk assessments, internal audits, broad oversight. Public sector combined tenders (CISO+DPO as a Service) require the combined package. See [details](/en/services/grc-privacy).

### Can we buy a standalone service without DPO as a Service?

Yes. [Gap analysis](/en/services/gap-analysis), [data mapping](/en/services/data-mapping), [DPIA](/en/services/dpia), or [incident response](/en/services/incident-response) can be purchased as standalone projects. Many clients start with a Gap Sprint or mapping, then move into a DPO as a Service retainer.

### Do you have public tender experience?

Yes. [Public tender response](/en/services/public-tenders) is part of our offering, with ready response documents, proposed team, and sample SLA. Most current Israeli public tenders (Ramat Gan, Ganei Tikva, regional clusters, universities) require a Chief DPO + bench structure — which is exactly our model.

### What about ISO 27701, GDPR, or SOC 2?

The [GRC + Privacy package](/en/services/grc-privacy) handles ISO 27701 readiness (the international privacy standard), GDPR support (for organizations active in Europe), and the Privacy controls required for SOC 2 Type II. The CISO in our bench covers ISO 27001 and the technical security framework.

### What are the actual prices?

Basic retainers start at 4,500 ILS/month for small organizations, going up to 28,000+ ILS/month for full DPO + GRC packages. Project-based services (DPIA, Gap Sprint, tender response) are priced per deliverable. Every quote is customized after a 30-minute intro call — no shock price, no surprise add-ons.

## Which services fit your organization?

30 minutes — followed by a written recommendation. No package pushing, no shock pricing.

[Book an intro call](/en/contact)