# Amendment 13 Gap Analysis | Israeli Privacy Compliance Assessment

> Comprehensive gap analysis against Amendment 13 to the Israeli Privacy Protection Law and the 2017 Security Regulations. Prioritized gap report, 90-day action plan, management presentation. Standalone product or entry point before a DPO as a Service retainer.

**Canonical:** https://dpoisrael.com/en/services/gap-analysis/  
**Locale:** en-IL

---
Measure before you guess.

Comprehensive **gap analysis** against **Amendment 13 to the Israeli Privacy Protection Law**, 2017 Security Regulations, and Authority opinions. The deliverable: a written report, prioritized task list, 90-day action plan, and management deck. Entry product before [DPO as a Service](/en/services/dpo) — or standalone before an inspection.

## Gap Analysis — how it works

- **Duration:** 3-6 weeks
- **Price range:** 18,000-45,000 ILS
- **Pricing model:** Fixed project, not hours
- **Deliverables:** 30-60 page report + Excel + presentation
- **Participants:** Management, IT, HR, marketing, legal
- **Compared to:** Amendment 13, 2017 regulations, Authority opinions
- **Also fits as:** First step before DPO as a Service
- **Credit option:** Part of cost credited to first month if we engage

## Six steps, one report

### 01. Stakeholder interviews

Management, IT, HR, marketing, legal, infosec lead. Understand the organizational vocabulary, processes, committees.

### 02. Document & policy review

Existing privacy policy, database definition documents, internal policies, vendor agreements, consent forms.

### 03. Compliance check vs. Amendment 13

Every relevant section of the law and 2017 regulations. "Compliant / Partial / Non-compliant" status, evidence, references, risk.

### 04. Gap prioritization

Severity × risk × effort matrix. Separates "must fix now" from "nice to have within a year".

### 05. 90-day action plan

Concrete tasks, owners, dependencies, deadlines. Even someone without privacy expertise knows what to do tomorrow.

### 06. Management presentation

A 60-90 minute session with management and audit committee. Numbers, risks, decisions to be made.

## Six reasons to run a gap analysis this year

### Before an Authority inspection

The Authority has opened an inquiry or signaled that one is coming. Gap analysis can turn the event from "angry" to "constructive".

### Enterprise customer questionnaire

A large customer sends an 80-question privacy survey. Nobody can answer half. Gap analysis builds the baseline.

### Before appointing a DPO

Many organizations hire a DPO without knowing where they stand. Better a "DPO who knows what to find" than a "DPO who discovers it in 6 months".

### After a security incident

An incident opened your eyes. It probably won't be the only one; gap analysis finds the next ones before they happen.

### Before a public tender

You are responding to a municipal tender, but organizational privacy is far from what the tender requires. Gap analysis builds the baseline.

### Before due diligence / exit

An investor or acquirer opens the data room. The compliance check is critical, and open gaps will lower the valuation.

## Frequent questions about gap analysis

### How long does a gap analysis take?

Usually 3-6 weeks from first meeting to final report. Depends on organization size, departments, databases. Small (<50 employees) — 3 weeks. Mid-size (50-300) — 4-5 weeks. Municipality or 500+ — 6-8 weeks.

### How much does it cost?

Gap Sprint — 18,000-45,000 ILS based on organization size and interview scope. Fixed project pricing, not hours. Works as a standalone service or as a first step before [DPO as a Service](/en/services/dpo).

### What is the difference between gap analysis and risk assessment?

Gap analysis checks compliance **against regulation** (Amendment 13, 2017 regulations). Risk Assessment checks **business risks** (breach, cyber, downtime). Both are needed — but gap analysis usually comes first as the baseline.

### Does it include technical security testing?

It assesses the **2017 Security Regulations** at the managerial framework level — policies, incident logging, access management, monitoring. Deep technical testing (pentest, code review) is CISO/Security work, run in parallel. The [GRC + Privacy package](/en/services/grc-privacy) bundles cyber assessments with the CISO bench.

### What do we get at the end?

A 30-60 page written report: findings, gaps, law citations, 90-day work plan, responsibility matrix. Plus Excel with task list, and a 15-20 slide management deck. All one-time cost — not a platform subscription.

### How does the analysis integrate with DPO as a Service?

Great starting point. If you choose DPO as a Service after the analysis, the report serves as onboarding baseline, and part of the analysis cost is credited toward the first month’s retainer. We want the analysis to move the organization, not sit on a shelf.

## Ready to find out where you stand?

Free 30-minute intro call. Written proposal within 48 hours.

