The Data Privacy Act
The Data Privacy Act of 2012 (DPA) is a policy of the State to Protect the fundamental human right of privacy of communication while ensuring free flow of information to promote innovation and growth.
Pursuant to Section 26 (a) of the Implementing Rules and Regulations (IRR), any natural or judicial person or other body involved in processing of Personal Data shall designate a Data Protection Officer (DPO).
What is DPO?
A Data Privacy Officer (DPO) functions as a compliance officer designated/appointed by individual/s from a sector or institution, government or private company.
Why should I appoint a DPO?
Appointing a DPO is a legal requirement under the Republic Act 10173 or the Data Privacy Act of 2012. In the private sector, ideally, a DPO is a regular or permanent position or for contract-based employment, a term of 2 years is acceptable to ensure stability.
Who should appoint a DPO?
Individual Personal Information Controllers (PICs) or those who decide what data is collected and how it is process and Personal Information Processors (PIPs) or those who process data as instructed by controllers within your organization/institution.
What happens after I appoint a DPO?
After you have appointed your DPO, your PIC or PIP must register your designated DPO to the National Privacy Commission (NPC).
Who should register?
PICs and PIPs who employ more than 250 persons, process sensitive personal information of at least 1,000 individuals, belong to sectors identified by the NPC where the processing carried out is likely to pose a risk to the rights and freedom of data subjects and the processing is not occasional, and those service providers to government.
How do I register?
Your PIC or PIP shall register their DPO by going to the registration portal of NPC and accomplishing the web form provided. This form shall be submitted to NPC along with the documentary requirements.
When should we register?
At the soonest. Deadline for registration is on September 9, 2017.