The (Republic Act 10173/DPA) and its (IRR) require (PICs) (PIPs) to register their with the (NPC).
These privacy laws provide that if the PICs/PIPs fall under any of the following, they should register with the NPC:
1. Have at least 250 employees; or
2. Process sensitive personal information of at least 1,000 individuals; or
3. Processing poses a risk to the rights of the data subject; or
4. Processing of personal information is conducted in the regular course of business.
The , while the .
The designated DPO shall be accountable for ensuring the compliance by the PIC or PIP with the DPA, its IRR, issuances by the NPC, and other applicable laws and regulations relating to privacy and data protection.
The Data Processing System in a nutshell provides for the PIC/PIP’s purposes for processing of personal information, a general description of its privacy measures, and the policies relating to data governance, data privacy, and information security.
Registration of a DPO is required prior to the registration of the Data Processing System. Upon registration of a DPO, an access code will be given to the PIC/PIP that will allow it to register its Data Processing System. In the absence of a registered DPO, a PIP/PIC will not be able to register its Data Processing System.
In case of failure to comply with these registration requirements, the PIC/PIP will be exposing itself to the risk of committing acts which are considered violations of the privacy laws such as unauthorized processing of information and facilitating unauthorized access, among others. Acts which are considered violations of the privacy laws are punishable by imprisonment of 1 year to 6 years and a fine of P500,000.00 to P4,000,000.00. The PIC/PIP may also be prevented/restrained from processing personal information. These are on top of any damages that may be claimed by the data subject.
In response to the growing public awareness and regard for data protection, it is therefore expected that PICs/PIPs will comply with its obligations to register with the NPC. Considering that personal information has become a significant oil for commerce, compliance with the directives of the privacy laws will help PICs/PIPs to become more competitive and to gain more of its stakeholders’ trust and confidence.
President & CEO
ADM and Partners
Data Privacy and Consulting Inc.