Privacy expert: GDPR provides opportunity for Israeli hi-tech

The figures published by multinational law firm DLA Piper last week show that many organizations have heeded the new breach notification regulations.

Prof. Patrick Van Eecke, partner and global co-chair of DLA Piper's privacy, data protection and security practice (photo credit: Courtesy)
Prof. Patrick Van Eecke, partner and global co-chair of DLA Piper's privacy, data protection and security practice
(photo credit: Courtesy)
Since the European Union’s General Data Protection Regulation (GDPR) noisily entered into force eight months ago and transformed the digital global landscape of consumer data protection and privacy, more than 59,000 personal data breaches have been notified to regulators.
The figures, published by multinational law firm DLA Piper last week, show that many organizations have heeded the new breach notification regulations, likely wary of the heavy financial sanctions likely to result from sweeping data breaches under the carpet.
Yet since the GDPR was adopted in April 2016, the European Union has been eager to assure businesses that the binding regulations not only entail obligations, but also opportunities.
The regulations also provide clear opportunities for Israel’s ever-growing data privacy and analytics technologies sector, according to Prof. Patrick Van Eecke, partner and global co-chair of DLA Piper’s privacy, data protection and security practice.
“The GDPR has created new markets,” Van Eecke, who advised the EU over the regulations, told The Jerusalem Post during a recent visit to Israel, where DLA Piper has been active since 2012, led by Jeremy Lustman and Naomi Maryles.
“Not just for consultants, typically law firms, to advise on how to comply with GDPR, but also for software developers who put products on the market,” he said.
One of the key obligations brought in by the GDPR was the notion of “privacy by design,” meaning that any kind of product put on the market should be designed to be privacy friendly – a common feature of Israeli products due to domestic data protection legislation that preceded the GDPR.
“Companies who take that into account and create products and software with embedded privacy by design have a huge competitive advantage going to the markets, competing with companies that do not have the kind of regulatory background that exists in Israel,” said Van Eecke.
A second opportunity for Israel’s hi-tech sector, he added, lies in its renowned expertise in data analysis.
“For companies to become GDPR compliant, the first thing they need to know is what kind of data they have on their system and with whom they share it,” said Van Eecke.
“These Israeli companies, who have always been very good at data analytics for other purposes, can now apply it for companies who would like to know what kind of data they hold.”
Israeli data security regulations came into effect in May 2018 at the same time as the GDPR, but in some cases even exceed EU requirements. The country’s advanced data protection laws have led Israel to be included on the EU’s “white list,” one of a handful of countries permitted to freely receive data collected within Europe.
“From a commercial perspective, it is fantastic for Israeli companies. Without any hesitation or hurdle, they can collect personal data on European territory, channel it to Israel and process it, only because it’s covered on the white list,” said Van Eecke.
“It also impacts multinational companies, for whom it can become more and more important to actually decide where to locate their servers. Israel is attractive from that perspective, and this would be an additional incentive for companies from a strategic perspective when deciding where to store data and where to work with local data processing companies.”
Until the May 2018 deadline, Van Eecke said companies were primarily concerned about how to comply with the impending implementation of the GDPR. Today, however, businesses worldwide – including Israeli ones – are performing a comparative analysis in order to ensure that they comply with the necessary demands, but not over-investing in relation to their competitors.
“You want to pay respect to the privacy of your end users, but nobody wants to be the best in class because it’s compliance,” he said.
“For me, that’s one of the businesses’ most pressing concerns. Are they doing well enough to meet the baseline obligations of GDPR, but also are they doing more or less than European companies?”


Tags privacy