Privacy Consulting

PDPA Philippines (2019)

Refine & Fortify Your Data Protection and Compliance

Get Started

Data Privacy Act of 2012 or Republic Act No. 10173 is considered a comprehensive Philippine law that serves to protect one's personal data while allowing a free flow of information to generate innovation and development. It regulates the collection, recording, organizing, storing, updating, retrieval, use, consolidation, blocking, erasure, or destruction of personal data. The national law also puts the Philippines within the international benchmarks set for protecting data through the National Privacy Commission (NPC).

OUR OTHER SERVICES

  • Threat Intelligence

    Threat intelligence entails the process of collecting information and analyzing it to make sense of a cyber threat, an attacker's tactics, and any vulnerabilities to make secure decisions in their cyber posture. The resulting intelligence can be used to inform decisions around risk management, threat response, and cybersecurity strategy.

  • SEBI CSCRF

    The SEBI CSCRF, Cyber Security and Cyber Resilience Framework, was designed to guide regulated entities in building and enhancing their cyber posture so that they can proactively prevent, detect and respond to a threat, delivering cyber resilience and stability to the financial market as a whole.

  • SOC 1 & SOC 2 Reporting

    SOC compliance incorporates AICPA's SOC reporting in order to ensure service organizations represent and meet information security and operational expectations in relation to the secure management of their clients' data. SOC 1, SOC 2, and SOC 3 reports - all reflect various operational and security controls.

Key Features of the Data Privacy Act:

Protection of Personal Info

Protection of Personal Information

This Act also protects personal information by providing standards on how personal data is to be collected, stored, and processed.

Rights of Data Subjects

Rights of Data Subjects

Individuals have the right to be informed, to object, to access, to correct, and to block or remove their personal data from processing.

Controllers and Processors

Controllers and Processors Obligations

Handlers of personal data are obliged to institute reasonably appropriate organizational, physical, and technological measures for the protection of personal information.

National Privacy Commission

National Privacy Commission (NPC)

An independent body tasked to administer and implement the provisions of the Act with concern to compliance and complaints.

Compliance with the Data Privacy Act:

Regulatory Scope

Regulatory Scope

Organizations that operate within the Philippines or deal with the personal information of citizens are covered under the Data Privacy Act. Non-compliance can result in important sanctions as for defaulting, including fines and imprisonment.

Consulting Services

Consulting Services

We know how intricate the data privacy regulation is and therefore offer full consulting services in making businesses compliant with the Data Privacy Act. Our team of experts provides tailored solutions, including privacy impact assessments, data protection officer training, and the development of privacy management programs.

How PDPA Philippines Can Benefit Your Organization:

Improved Reputation

Improved Reputation

An organization that demonstrates concern for its customers' privacy will, in general, be regarded as honest and responsible, helping create a better brand image, which could also give rise to long-lasting customer loyalty.

Crisis Management

Improved Incident Response and Risk Mitigation

Compliance assures that the organization has an overall plan in place in case of an incident, as per industry standards, thus improving their chance of quick detection, response to the attack, and recovery of their loss (e.g., to remain operational with minimal damage while they clean up the attack).

Seamless Global Operations

Seamless Global Operations

PDPA Philippines strict compliance towards worldwide standards on privacy (for instance, GDPR, CCPA) and, as such, simplifies international cooperation, partnerships, and expansion in whichever way possible.

Increase in Business Opportunities

Increase in Business Opportunities

A good number of organizations prefer to engage business partners that are compliant with privacy regulations, especially in finance, healthcare, and e-commerce. This is a new avenue for expansion in business.

Employee Awareness

Employee Awareness & Internal Security Culture

Apart from internal risks reduction as employees are trained on their data privacy obligations, this instils accountability, thus creating a culture of security-first thinking across the organization.

Ready to see CyberCube in action?

Contact Us