Philippines

Summary

Law: The Data Privacy Act of 2012 (Republic Act No. 10173) ('the Act')

Regulator: The National Privacy Commission ('NPC')

Summary: The Act came into effect in 2012 and is the first comprehensive data privacy law in the Philippines. The NPC was established in 2016 and supplemented the Act through the Implementing Rules and Regulations of Republic Act No. 10173 ('IRR'), which provides details on the requirements under the Act as well as sanctions for non-compliance. The NPC has also released over 100 advisory opinions in response to queries on topics such as data breach management, notifications regarding automated decision-making, the designation of data protection officers, Privacy Impact Assessments, and access to personal data. In addition, the Act Defining Cybercrime, Providing for the Prevention, Investigation, Suppression and the Imposition of Penalties therefore and for Other Purposes (Republic Act No. 10175) ('the Cybercrime Law'), which entered into effect in 2012, stipulates, among other things, requirements for service providers to maintain the security of computer data. The Philippines recently began the application process in order to participate in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules ('APEC CBPR') system.

Browse more content in Philippines

All Guidance Notes

All News

All Insights

News

20 November 2023

Philippines: NPC launches public consultation on draft circular on guidelines on legitimate interest

14 November 2023

Philippines: NPC publishes circular on data privacy competency program

14 November 2023

Philippines: NPC publishes circular on consent guidelines

14 November 2023

Philippines: NPC issues public advisory on mandatory display of NPC Seal of Registration

31 October 2023

International: Malta and the Philippines sign MoU on data protection

24 October 2023

International: Canada and the Philippines sign MoU on data protection

18 October 2023

Philippines: NPC and DICT sign MOA on ensuring safeguarding of digital security and privacy

11 October 2023

Philippines: NPC warns against resharing of Philippine Health Insurance Corporation leaked data

09 October 2023

Philippines: NPC investigates potential data breach by Philippine Health Insurance Corporation

17 July 2023

Philippines: NPC receives unmodified opinion by COA

17 July 2023

Philippines: NPC announces mandatory data protection officer and system registration

26 May 2023

Philippines: NPC requests comments on draft circular on best practices for consent

Insights

April 2023

Philippines: Rules on registration of DPOs and data processing systems - What you need to know

The National Privacy Commission ('NPC'), the Philippine agency tasked to implement the Data Privacy Act of 2012 (Republic Act No. 10173) ('the Act'), recently issued Circular No. 2022-04 ('the Circular') which took effect on 11 January 2023. The Circular prescribes guidelines for the registration of personal data processing systems, notification regarding automated decision-making or profiling, and designation of data protection officers ('DPOs').

In this Insight article, Mary Thel Mundin, Dwight Garvy Tan, and Maria Angelica Torio, from Gatmaytan Yap Patacsil Gutierrez & Protacio (C&G Law), discuss the Circular's provisions regarding registration requirements for DPOs, how and when to register, automated decision-making and profiling, as well as penalties.

June 2022

Philippines: Data Protection in the Financial Sector

May 2022

Philippines: Cybersecurity

March 2022

International: Handling children's personal data in the APAC region – Part two

The processing of children's personal data, from collection to destruction, generally carries with it special considerations. Indeed, the level of protection afforded to children is often higher, due to in part their capacity to understand the consequences of providing their information and the potential risks associated with their use or misuse. In part two of this series, OneTrust DataGuidance considers the rules in the APAC region which govern children's personal data, featuring perspectives from New Zealand, the Philippines, and Singapore.

For insight into handling children's personal data in Australia, China, India, and Japan, please see part one here.

March 2022

Philippines: Online privacy

For many organisations, the first step towards compliance in a jurisdiction may involve ensuring that their online presence is in line with any locally applicable rules and regulations. OneTrust DataGuidance provides an overview of online privacy in the Philippines, with a focus on relevant topics such as cookies, emarketing, and privacy policies.

January 2022

Philippines: Data Privacy Act of 2012 – Understanding the treatment of foreign persons personal data

Ten years after the implementation of the Data Privacy Act of 2012 (Republic Act No. 10173) ('the Act'), and six years after the creation of the National Privacy Commission ('NPC') through the Implementing Rules and Regulations of Republic Act No. 10173 ('IRRs'), the ambiguity of the Act on the treatment of foreign persons personal data has been clarified to some extent. OneTrust DataGuidance provides an analysis of the treatment of foreign persons personal data under the Act featuring insights from JJ Disini, Managing Partner at Disini & Disini Law Office.

October 2021

Philippines: An overview of Vendor Privacy Contracts

March 2021

Philippines

Summary

Browse more content in Philippines

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us