PDPA Philippines (2019)

Refine & Fortify Your Data Protection and Compliance


Data Privacy Act of 2012 or Republic Act No. 10173 is considered a comprehensive Philippine law that serves to protect one's personal data while allowing a free flow of information to generate innovation and development. It regulates the collection, recording, organizing, storing, updating, retrieval, use, consolidation, blocking, erasure, or destruction of personal data. The national law also puts the Philippines within the international benchmarks set for protecting data through the National Privacy Commission (NPC).

Key Features of the Data Privacy Act:

  • Protection of Personal Information: This Act also protects personal information by providing standards on how personal data is to be collected, stored, and processed.
  • Rights of Data Subjects: Individuals have the right to be informed, to object, to access, to correct, and to block or remove their personal data from processing.
  • Personal Information Controllers and Processors Obligations: Handlers of personal data are obliged to institute reasonably appropriate organizational, physical, and technological measures for the protection of personal information.
  • National Privacy Commission (NPC): An independent body tasked to administer and implement the provisions of the Act with concern to compliance and complaints.

Compliance with the Data Privacy Act:

Organizations that operate within the Philippines or deal with the personal information of citizens are covered under the Data Privacy Act. Non-compliance can result in important sanctions as for defaulting, including fines and imprisonment.

We know how intricate the data privacy regulation is and therefore offer full consulting services in making businesses compliant with the Data Privacy Act.

Our team of experts provides tailored solutions, including privacy impact assessments, data protection officer training, and the development of privacy management programs.

How PDPA Philippines Can Benefit Your Organization:

  • Improved Reputation: An organization that demonstrates concern for its customers' privacy will, in general, be regarded as honest and responsible, helping create a better brand image, which could also give rise to long-lasting customer loyalty.
  • Improved Incident Response and Risk Mitigation: Compliance assures that the organization has an overall plan in place in case of an incident, as per industry standards, thus improving their chance of quick detection, response to the attack, and recovery of their loss (e.g., to remain operational with minimal damage while they clean up the attack).
  • Seamless Global Operations: PDPA Philippines strict compliance towards worldwide standards on privacy (for instance, GDPR, CCPA) and, as such, simplifies international cooperation, partnerships, and expansion in whichever way possible.
  • Increase in Business Opportunities: A good number of organizations prefer to engage business partners that are compliant with privacy regulations, especially in finance, healthcare, and e-commerce. This is a new avenue for expansion in business.
  • Employee Awareness & Internal Security Culture: Apart from internal risks reduction as employees are trained on their data privacy obligations, this instils accountability, thus creating a culture of security-first thinking across the organization.