General Terms and Conditions for Data Privacy Act of 2012 Compliance

1. Principles of Data Privacy

Organizations must adhere to these principles when handling personal data:

  • Transparency: Inform data subjects about how their data will be collected, processed, and used.
  • Legitimate Purpose: Collect data only for lawful and specific purposes.
  • Proportionality: Collect and process only data that is necessary for the declared purpose.

2. Data Subject Rights

Individuals have the right to:

  • Be informed about the processing of their personal data.
  • Access their data.
  • Object to data processing.
  • Correct or update their data.
  • Erase or block their data under certain conditions.

3. Consent

  • Obtain explicit, informed, and voluntary consent from the data subject before processing personal data.
  • Clearly state the purpose of data collection at the time of obtaining consent.

4. Security Measures

  • Implement organizational, physical, and technical security measures to protect personal data from unauthorized access, processing, and disposal.
  • Regularly review and update security measures to address emerging threats.

5. Data Processing Standards

  • Process data lawfully and in compliance with the declared purposes.
  • Retain data only for as long as necessary to fulfill the purpose of processing.

6. Data Sharing and Transfer

  • Obtain consent before sharing personal data with third parties, except when allowed by law.
  • Ensure third parties comply with the same data protection standards.
  • For international data transfers, ensure the recipient country has adequate data protection measures.

7. Data Breach Management

  • Notify the National Privacy Commission (NPC) and affected individuals within 72 hours of discovering a breach that poses a risk to data subjects.

8. Appointment of a Data Protection Officer (DPO)

  • Designate a DPO responsible for ensuring compliance with the DPA and acting as the point of contact for the NPC and data subjects.

9. Regular Compliance Audits

  • Conduct regular privacy impact assessments and audits to ensure compliance with the DPA and its implementing rules.

10. Accountability

  • Maintain records of processing activities.
  • Train staff on data privacy principles and policies.

Penalties for Non-Compliance

The DPA of 2012 imposes penalties for violations, including:

  • Fines ranging from PHP 500,000 to PHP 5 million.
  • Imprisonment ranging from 1 to 6 years, depending on the severity of the violation.

Regulatory Authority

The National Privacy Commission (NPC) oversees the enforcement of the DPA and issues guidelines and advisories to ensure compliance.