Become an expert on PrivacyOps - Start Now

Start Now

Philippines DPA

Operationalize DPA compliance with the most comprehensive PrivacyOps platform

Download the book today!

PrivacyOps - Automation & Orchestration for Privacy Compliance
Download Book
Available in PDF

In 2012, the Philippines passed the comprehensive privacy law, Data Privacy Act of 2012 Republic Act. No, 10173 (the "DPA"). The DPA recognizes the rights of individuals to have more control over their personal data while ensuring a free flow of information to promote innovation and growth. The National Privacy Commission (the “NPC''), which was established under the DPA in 2016, issued Implementing Rules and Regulations of the DPA (the “IRR or IRRs” ). The IRRs provide comprehensive details related to lawful processing, data subjects’ rights, organizations’ obligations while processing the personal data of individuals, and lays out penalties for organizations in case of non-compliance with the DPA and IRRs.

The solution

Securiti enables organizations to comply with the Philippines DPA through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

securiti dashboard

Securiti supports enterprises in their journey toward compliance with the Philippines DPA through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various sections of the Philippines DPA.


 

Automate data subject access request handling

DPA Section 16(a)(b)(c); IRR 34(c)

The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the access requests.

Secure fulfillment of data access

DPA Section 16(a)(b)(c); IRR 34(c)

The information is disclosed through a secured and centralized point to data subjects within a limited timeframe. It allows organizations to timely respond to an access request and provides information in a manner that it is readily retrieved.

Automate the processing of rectification requests

DPA Section 16(d); IRR 34(d)

Fulfill data rectification requests, seamlessly, using automated data subject verification workflows across all appearances of a data subject’s personal data.

Automate object and restriction of processing requests

IRR 34(b)

With the help of collaborative workflows, build a framework for objection and restriction of processing handling based on business requirements.

Automate erasure requests

DPA Section 16(e); IRR 34(e)

Fulfill data subjects’ erasure requests, swiftly, through automated and flexible workflows.

Continuous monitoring and tracking

DPA Sections: 11, 12, 20, 21; IRRs 17- 20, 25

Keep track of risks against non-compliance to data subjects’ rights by continuously monitoring and scanning data.

Automate People Data Graph

Discover personal data stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.

Meet cookie compliance

DPA Sections 2(b), 12(a), 13(a); IRRs 3(c),19(a)(1)

Automatically scan the web properties within your organization and create cookie categories as per cookie properties and retention periods. Build customizable cookie consent banners as per the applicable jurisdictional cookie consent requirements.

Monitor and track consent

DPA Sections 2(b), 12(a), 13(a); IRRs 3(c),19(a)(1)

Track and honor consent and consent revocation as well as any changes to data subject’s preferences concerning the use of their personal data to prevent the transfer or processing of data without their consent.

Assess DPA readiness

DPA Sections: 4, 6, 11, 20, 21; IRRs 3(m)(n), 25, 43-47,50, 51

Measure your organization’s posture against the  DPA’s requirements with the help of our multi-regulation, collaborative, readiness, and data protection impact assessment system. It allows you to identify gaps in compliance and address the risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against the DPA’s requirements.

Map Data Flows

IRR Section 26(c)

Track data flows in your organizations by having a centralized catalogue of internal data process flows as well as flows for data transfer to service providers and other third parties. Maintaining updated records of data processing activities enables you to demonstrate compliance with the applicable legal requirements.

Manage vendor risk

DPA Sections 20, 21; IRRs 43, 45, 50, 51

Track, manage, and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests, and manage all vendor contracts and compliance documents.

breach response notification

Breach Response Notification

DPA Section 29, 30; IRRs 38-42

Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.

Key Rights Under Philippines DPA

Access: Data subjects have the right to access their personal data held by the  personal information controller (Data controller) .

Right to be Informed: Data subjects have the right to be informed when personal information related to them is being processed by the personal information controller or personal information processor (data processor).

Correction: Data subjects have the right to request the rectification of their incomplete and/or inaccurate personal data held by the personal information controller.

Erasure: Data subjects can request the personal information controller to delete, remove, or destruct his/her personal data from their filling system.

Object: Data subjects have the right to object to their personal data being processed by the personal information controller, including processing for direct marketing, automated processing, or profiling.

Portability: The data subjects have the right to request a copy of their personal data in an electronic or structured format from the personal informational controller.

Indemnification: Data subjects have the right to be indemnified for damages sustained due to inaccurate, incomplete, false, unlawfully obtained, or unauthorized use of personal data

Complain: Data subjects have the right to file a complaint against the personal information controller before the NPC.

Quick facts about DPA

1
The DPA went into effect on the 8th of September, 2012 and the IRR came into effect on 9 September 2016.
2
Non-compliance can lead to penalties which can range from an imprisonment sentence as well as a monetary fine of $20,000-$100,000.
3
The lawful basis of processing under the DPA similar to that of the GDPR.
4
The DPA applies both to public and government sector organizations.
5
The DPA also applies to the entities established outside of the Phillippines if certain links exist to the Philippines.
6
Personal information controllers and personal information processors are required to implement reasonable and appropriate organizational, physical, and technical security measures for the protection of personal data.

Newsletter