Influenced by the European Union Data Protection Directive (95/46/EC), the Philippines passed the Data Privacy Act 2012, Republic Act No. 10173 (the "DPA"), in 2012. The purpose of the DPA is to give individuals rights that enhance their control over their personal information while ensuring a free flow of information to promote innovation and growth in the Philippines. The National Privacy Commission (the "NPC"), which was established under the DPA in 2016, issued the Implementing Rules and Regulations of Republic Act No. 10173 (the "IRRs" or "IRR"). The IRRs provide comprehensive details on the lawful basis of processing, data subjects' rights, and organizations' obligations while processing the personal information of individuals, and lay out penalties for organizations in case of non-compliance with the DPA and its IRRs. Under the DPA, the purpose of the collection of personal information should be 'legitimate', and processing must be both 'lawful' and 'fair'.
The DPA is applicable to ‘the processing of all types of personal information and to any natural and juridical person involved in personal information processing’. It covers the processing of personal information in both public and private sectors with the following exemptions:
The DPA applies to any entity whether in the Philippines or outside of the Philippines if:
Non-compliance with the DPA, its IRRs and any issuances of the NPC can lead to administrative, civil and criminal liabilities. It can result in imprisonment of six months to seven years, with fines ranging from PHP 100,000 to PHP 5 million, depending on which type of personal information is involved. The DPA provides detailed penalties for unauthorized processing of personal information and sensitive personal information, improper disposal of personal information, processing for unauthorized purposes, intentional breach, concealment of a security breach, malicious disclosure, and other offences pursuant to the DPA and its IRRs.
The DPA also prescribes that if the offender is a corporation, partnership, or any other juridical person, the penalty shall be imposed upon the responsible officers who participated in, or by their gross negligence, allowed the commission of the crime.
Organisations face complex obligations: managing disclosure, access, rectification and other requests from data subjects, ensuring effective security measures, and meeting other compliance requirements. As a result, complying with the DPA and its IRRs can be very labour-intensive and costly. Securiti automation helps you with swift and efficient compliance with the DPA and its IRRs as well as other data privacy regulations.
Securiti is the leader in AI-powered PrivacyOps and data governance. Similar to DevOps for software, PrivacyOps reimagines how to implement privacy management throughout an organisation efficiently.
Securiti is a recognized innovator in this market, having been awarded "Most Innovative Startup" at RSA Conference 2020, and Leader in the Forrester Wave: Privacy Management Software. The Securiti PrivacyOps solution uniquely combines real-time data intelligence, harnessing bot and AI technology, with full workflow automation of all the major privacy compliance functions.