After the National Privacy Commission (NPC) issued the implementing rules and regulations of the Data Privacy Act of 2012, which took effect on 9 September 2016, the stage is now set for controllers and processors of personal information of data subjects to check and ensure their respective compliance with the requirements of the law.
The rules mirror the general principles and requirements of the Data Privacy Act of 2012 (DPA) on the processing of personal information in the government and the private sectors, and the penalties for violations. They reiterate, clarify and enforce the general policy of the DPA to protect the fundamental right of individuals to data privacy while at the same time ensuring the free flow of information for national development.
The rules also promote the general principles of transparency, legitimacy of purpose, and proportionality in processing personal information, by particularising the requirements of the DPA imposed on both personal information controllers (PICs) and personal information processors (PIPs) who: (1) process personal information belonging to Philippine citizens or residents; (2) are established or located in the Philippines; or (3) have commercial links to the Philippines by contract or business presence.
You must be a
to read this content, please
Business Law Digest is compiled with the assistance of Baker McKenzie. Readers should not act on this information without seeking professional legal advice. You can contact Baker McKenzie by emailing: Danian Zhang at email@example.com, or for general enquiries contact Anand Ramaswamy at firstname.lastname@example.org